Portal Member Manager

 


 


Overview

Member Manager is a component of WebSphere Portal that manages data for users and groups. Users and groups are referred to as "members" in Member Manager. Member Manager keeps track of the overall attribute set of the users and groups within the system and the values of those attributes for individual users and groups. Member Manager does not assign particular roles to its members. Members can take on different roles depending on the activities in which they participate.

The following features are associated with Member Manager:

Profile management: An administrator manages user profiles and data using the Manage Users portlet.
User Repository: The user repository is a collection of profile data for users, user groups, and organizational entities. A registered user can select a user ID and password. The data in the repository can be configured for storage in a database or a directory server.
Group membership: Member Manager manages the group memberships of users in WebSphere Portal. Membership in a group can be used when making Access Control decisions or for other portal functions.

Member Manager does not include Authorization. See Authorization, User Group Permissions help, or Resource Permissions help for more information about Access Control policies.

 

Member types

Registered users: After registering with the system, a user becomes a registered user. A registered user has a user ID and password stored in the user registry. The system might also request profile information from a registered user. Registered users have their preferences saved, so they can close their browser sessions and subsequently return to the site and see the WebSphere Portal displayed with the same preferences and customization as before.

 

Member Groups

A group is an arbitrary collection of members, which typically consists of users who, for example, share a common interest or represent assigned roles. Use the Manage User Groups portlet to create groups.

You can explicitly assign or unassign users and member groups to or from another member group. Nested member groups are also supported. The user registry, either LDAP or database depending on the configuration that is chosen at installation time, holds member group data. Member Manager queries the LDAP server or database as appropriate when searching for membership within a member group.

In an IBM Directory Server environment, Member Manager creates a dummy member entry in a group when the group is created. This dummy member entry is necessary because IBM Directory Server correctly supports the X.500 definition of a group as requiring at least one member. The dummy member entry can be configured in the Member Manager LDAP attribute mapping file. Refer to the "Mapping LDAP Attributes" section for more information.

 

User repository

The user repository refers to the datastore that holds the member profile data and nonregistry groups. This member profile data excludes authentication data. A basic user profile incorporates registration information, address, purchase history, and other miscellaneous attributes, such as news topics of interest, color preferences and more. Attributes in the profile can be multivalued and easily set and retrieved. For example, an employee profile might also contain employee number, job title, and a link to the business organization to which the user belongs. You can initiate basic find operations based on the attribute values.

Either a database or a directory server usually serves as a user repository. Custom options can also be used. Profile data is typically stored in the WebSphere Portal database tables. When LDAP is used as the repository, the profile data is stored in the directory server. If the directory server cannot store all the profile data, for example, because its schema cannot be extended to accommodate new attributes in the profiles, the WebSphere Portal database can be used as a Lookaside database for storing the additional profile data.

 

Authentication

The authentication registry refers to the datastore for user authentication data and registry groups. Group information that is used to configure authorization is considered privileged information, and the groups are registry groups. Typically, the authentication registry is LDAP or the WebSphere Portal database; however, the authentication registry can be a custom datastore that is unknown to Member Manager. Member Manager does not support a Local Operating System as the authentication registry. The authentication registry is specified during the WebSphere Portal installation and is recorded in <wp_root>/shared/app/wmm/wmm.xml.

WebSphere Portal always uses WebSphere Application Server (WAS) for authentication; however, WebSphere Application Server must be configured to communicate with the appropriate registry type. See Authentication for additional information on authentication options.

 

Nested groups

WebSphere Portal supports nested groups to enable simple inheritance of access control. Two groups are nested if one of the groups contains the other group as a member. The WebSphere Portal access control system treats this as though all members of the contained group are also members of the containing group. In other words, WebSphere Portal treats permissions for nested groups as cumulative. For example, suppose that one group, GlobalMarketing, contains another group, USMarketing. WebSphere Portal treats all members of USMarketing as though they are also members of GlobalMarketing, so members of USMarketing inherit the access rights that are granted to GlobalMarketing members. If GlobalMarketing has view access to the File Server portlet and USMarketing has view access to the World Clock portlet, USMarketing has view access to both the File Server and World Clock portlets. Joe in GlobalMarketing can access only the File Server portlet, but Susan in USMarketing can access both the File Server portlet and the World Clock portlet.
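The cumulative rule above, worked through as an added example (a simplified model written for this page, not WebSphere Portal code or its API). The dictionaries `CONTAINS` and `GRANTS` and both function names are assumptions; the data is constructed from the GlobalMarketing/USMarketing example, and the walk records the membership chain behind each right so an access review can see where it comes from.

```python
from collections import deque

# Constructed sample data taken from the example in the text.
# CONTAINS[group] = direct members (users or nested groups).
CONTAINS = {
    "GlobalMarketing": {"Joe", "USMarketing"},
    "USMarketing": {"Susan"},
}
# GRANTS[group] = rights assigned directly to that group.
GRANTS = {
    "GlobalMarketing": {("view", "File Server")},
    "USMarketing": {("view", "World Clock")},
}


def containing_groups(member, contains):
    """Return {group: chain} for every group holding `member`,
    directly or through nesting. Breadth-first, so each chain is the
    shortest one; the `found` check also stops circular nesting."""
    found = {}
    queue = deque([(member, [member])])
    while queue:
        current, chain = queue.popleft()
        for group, members in contains.items():
            if current in members and group not in found and group != member:
                found[group] = chain + [group]
                queue.append((group, found[group]))
    return found


def effective_access(member, contains, grants):
    """Map each (permission, resource) to the chain that confers it.
    Rights granted directly to `member` come first, then inherited ones."""
    chains = {member: [member], **containing_groups(member, contains)}
    access = {}
    for principal, chain in chains.items():
        for grant in grants.get(principal, ()):
            access.setdefault(grant, chain)
    return access


if __name__ == "__main__":
    for who in ("Joe", "Susan", "USMarketing"):
        print(who, effective_access(who, CONTAINS, GRANTS))
```

Rights flow from the containing group down to the members of the contained group, never the other way, so nesting a group inside a privileged group widens access for everyone in the nested group.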

For more information about this topic, refer to the latest version of the WebSphere Portal Information Center at http://www.ibm.com/websphere/portal/library.

 
