Security overview

The default security configuration of the Script Portlet places limits on which Portal users are able to access the editor and import features. These limits can be customized with the administration pages of the server.

By default the Script Portlet imposes security constraints on several features that only authorized and trusted users must be allowed to access. These features include the ability to define and edit new Script Portlet instances and the ability to import content used to construct those instances. Configure the security of these features properly to protect the server from malicious users.

There are additional constraints placed upon the upload feature that limit the size and content of uploaded archives. In the current release of the Script Portlet these constraints cannot be changed by a customer, but they are set by default at levels that will easily accommodate most use-cases.

• J2EE and security constraints
  The Script Portlet Authors and Script Portlet Users roles define access to Script Portlet features.

• Imported archive security
  There are constraints on the size and content of uploaded archives to add an additional layer of security when importing archives.

• Customize security constraints
  We can relax or strengthen the access controls on the editor and import features. If we have a non-standard Portal security configuration must perform manual administration steps to map the Script Portlet Authors and Script Portlet Users roles to the appropriate Portal groups in their environment.

Parent IBM Script Portlet