WebSphere

 

Portal Express, Version 6.0
Operating systems: i5/OS, Linux, Windows

 

Manage Access Control

This topic describes concepts that are related to administering IBM® WebSphere® Portal Express access control. To administer access control, use the Resource Permissions, User and Group Permissions, and Manage Users and Groups portlets or the Portal Script Interface.

See the portlet help documents and Portal Access Control for detailed information about administrative tasks that are related to access control.

The XML configuration interface also has information on access control configuration.

 

Authorization

Authorization is sometimes referred to as access control. Authorization determines what interactions a user is permitted to have with a resource or a service. Administrators configure access to resources or services by assigning roles to users and groups.

WebSphere Portal Express supports fine-grained access control over resources. Users can select and view only those resources for which they have appropriate access rights. When rendering a resource, WebSphere Portal Express verifies that the user has appropriate rights to use the requested resource. Access rights are administered through the:

Access control information is accessible through the XML configuration interface. By default, access control data is stored in the WebSphere Portal Express database.

All unauthenticated users are considered anonymous users. The access control component provides a dedicated virtual principal called Virtual Users and Groups to represent such users. Prior to authenticating, an anonymous user, represented by this virtual principal, has specific access to a resource or service. In order for users to benefit from user and group specific privileges, they must successfully authenticate.

Access control works independently from the authentication of actual users.

WebSphere Portal Express only protects resources and services. WebSphere Application Server protects J2EE artifacts (for example, servlet URLs and Enterprise Java Beans methods) and its artifacts (like server or node configurations).

 

WebSphere Portal Express Administrator and Security Administrator

The Administrator@Portal and Security Administrator@Portal roles contain a special permission that is not available to any other role. This permission allows the Administrator or Security Administrator to make arbitrary changes to the access control configuration of all resources.

The Administrator and Security Administrator can create and delete roles, role assignments, and role blocks. If the configuration allows an external security manager such as to manage role assignments, additional privileges need to be set to allow arbitrary changes to the access control configuration.

To change the access control configuration for resources that are externally managed, you must have the Administrator@External Access Control or the Security Administrator@External Access Control role.

 
