Users and groups
WebSphere Portal offers you centralized administration of users and user groups, allowing you to better define users and manage user access rights. Users can register and manage their own account information, or an administrator can provision and manage users. Group memberships can be used to give the required permissions to access an object or perform a request.
- Manage users and groups
The Manage Users and Groups portlet allows you to view, create, and delete users and user groups. You can also change group memberships.
- Add new users
You must add users so that they can access resources.
- View the members of a group
Display a list of all the group members for a particular user group.
- Edit user information
Edit user information such as password, User ID, first name, last name, e-mail address, or preferred language.
- Reusing group information
IBM WAS stores information about which groups a user belongs to. You can configure WebSphere Portal to reuse the information from the WAS security context instead of from the LDAP server. This function is also referred to as group assertion or WAS group assertion.
- Deleting users and groups
You can delete a user or user group from WebSphere Portal.
- Virtual Users and Groups
There are two predefined virtual user groups (All Authenticated Portal Users and All Portal User Groups) and one virtual user (Anonymous Portal User). These predefined virtual groups and user allow for access control configuration that applies to abstract sets of users. They are not stored in the user registry. They only exist within the access control context. You cannot change group membership or other attributes of these virtual usergroups and user.
- Enable user impersonation
The Impersonation feature allows a user such as a support specialist to access a user's system to test out a new page, portlet, etc. and to see any issues as they occur on the end user system. Portal Access Control controls the ability to impersonate another user. To be able to impersonate another user, have Delegator@User access. You first need to enable the impersonation feature within WebSphere Portal.
- Customize common name generation
By default, WebSphere Portal generates common names that consists of the user's first name followed by the last name.
You can change the order that common names are generated.
- Nested groups
Two groups are nested if one of the groups contains the other group as a member. The access control system treats this as though all members of the contained group are also members of the containing group. In other words, permissions for nested groups are treated as cumulative.
- Registration/Edit My Profile and Login portlets
The Registration/Edit My Profile and Login portlet resides on special pages where the anonymous user has access rights based on the User role.
The unique name wps.Login is assigned to the page holding the login portlet, and the unique name wps.Selfcare is assigned to the page holding the Registration/Edit My Profile portlet.
- Deregistering users and groups
WebSphere Portal stores users and groups that exist in the user registry as entries in the database. When using the XML configuration interface or the Manage User and Groups portlet to delete users and groups, they are deleted from the user registry as well as from the database. Deleting a user or group directly from the configured user registry does not remove the database entry. Also, WebSphere Portal does not remove entries from its database when users or groups are muted in the user registry, for example, users with too many wrong password attempts. You can manually remove the users and groups from the database.
- Set limits on searches for users and groups
Searching for users or groups is a time consuming task. A search may time out or return more results than the system can handle or the user may expect. To prevent this behavior, you can set limits on searches for users or groups.
Parent topic:
Administer WebSphere Portal
Related concepts
Work with the Portal Scripting Interface
Related reference
Portal configuration services