Manage Access Control
To administer WebSphere Portal access control, use...
- Resource Permissions portlet
- User and Group Permissions portlet
- Manage Users and Groups portlet
- Portal Scripting Interface
- XML configuration interface
Authorization
Authorization uses roles to control user access to resources and services.
WebSphere Portal verifies that the user has appropriate access rights to use the requested resource. Access rights are administered using...
- Group Permissions portlet
- Resource Permissions portlet
- Manage Users and Groups portlet
- Portal Script Interface
Access control information is accessible through the XML configuration interface. By default access control data is stored in the WebSphere Portal database. Alternately, we can configure an external security manager, such as TAM, to host parts of the access control data and to manage role assignments.
All unauthenticated portal users are considered anonymous users. The portal access control component provides a dedicated virtual principal called Anonymous Portal User to represent such users. Prior to authenticating to the portal, an anonymous portal user, represented by this virtual principal, has specific access to a portal resource or portal service. In order for users to benefit from user and group specific privileges, they must successfully authenticate to the portal. Portal access control works independently from the authentication of actual portal users.
WebSphere Portal only protects portal resources and services. WebSphere Application Server protects J2EE artifacts such as...
- servlet URLs
- Enterprise Java Beans methods
...and portal artifacts such as...
- servers
- node configurations
WebSphere Portal Administrator and Security Administrator
The roles...
- Administrator@Portal
- Security Administrator@Portal
...contain a special permission that is not available to any other role. This permission allows the Administrator or Security Administrator to make arbitrary changes to the access control configuration of all resources.
The Administrator and Security Administrator can create and delete...
- roles
- role assignments
- role blocks
If the portal is configured to allow an external security manager such as TAM to manage role assignments, additional privileges need to be set to allow arbitrary changes to the access control configuration.
To change the access control configuration for resources that are externally managed, have the role...
Administrator@External Access Control...or...
Security Administrator@External Access Control
Related information
- Manage access, users, and groups
- Manage users and groups
- External security managers
- Authentication
- Resources
- Roles
- Access rights
- Initial Access Control Settings
- Access control scenarios
- Delegated Access Control Administration
- Setting user and group permissions
- Setting resource permissions