Member Manager
Overview
Member Manager manages user and group attributes within WebSphere Portal, including:
- Profile management: User profiles and data.
- User Repository: Profile data for users, user groups, and organizational entities. A registered user can select a user ID and password. The data in the repository can be stored in a database or a directory server.
- Group membership: Membership in a group can be used when making Access Control decisions or other portal functionality. Note that Member Manager does not include Authorization.
Member types
After registering with the system, a user becomes a registered user. A registered user has a user ID and password stored in the user registry. The system might also request profile information from a registered user. Registered users have their preferences saved, so they can close their browser sessions and subsequently return to the site and see the WebSphere Portal displayed with the same preferences and customization as before.
Member Groups
A group is an arbitrary collection of members, which typically consists of users who, for example, share a common interest or represent assigned roles. Use the Manage User Groups portlet to create groups.
You can explicitly assign or unassign users and member groups to or from another member group. Nested member groups are also supported. The user registry, either LDAP or database depending on the configuration that is chosen at installation time, holds member group data. Member Manager queries the LDAP server or database as appropriate when searching for membership within a member group.
Note that in an IBM Directory Server environment, Member Manager creates a dummy member entry in a group when the group is created. This dummy member entry is necessary because IBM Directory Server correctly supports the X.500 definition of a group as requiring at least one member. The dummy member entry can be configured in the Member Manager LDAP attribute mapping file.
User repository
The user repository refers to the datastore that holds the member profile data and nonregistry groups. This member profile data excludes authentication data. A basic user profile incorporates registration information, address, purchase history, and other miscellaneous attributes, such as news topics of interest, color preferences and more. Attributes in the profile can be multivalued and easily set and retrieved.
For example, an employee profile might also contain employee number, job title, and a link to the business organization to which the user belongs. You can initiate basic find operations based on the attribute values.
Either a database or a directory server usually serves as a user repository. Custom options can also be used. Profile data is typically stored in the WebSphere Portal database tables. When LDAP is used as the repository, the profile data is stored in the directory server. If the directory server cannot store all the profile data, for example, because its schema cannot be extended to accommodate new attributes in the profiles, the WebSphere Portal database can be used as a Lookaside database for storing the additional profile data.
Authentication
The authentication registry refers to the datastore for user authentication data and registry groups. Group information that is used to configure authorization is considered privileged information, and the groups are registry groups. Typically, the authentication registry is LDAP or the WebSphere Portal database; however, the authentication registry can be a custom datastore that is unknown to Member Manager. Member Manager does not support a Local Operating System as the authentication registry. The authentication registry is specified during the WebSphere Portal installation and is recorded in <wp_root>/shared/app/wmm/wmm.xml.
WebSphere Portal always uses WebSphere Application Server for authentication; however, WebSphere Application Server must be configured to communicate with the appropriate registry type.
Nested groups
WebSphere Portal supports nested groups to enable simple inheritance of access control. Two groups are nested if one of the groups contains the other group as a member. The WebSphere Portal access control system treats this as though all members of the contained group are also members of the containing group. In other words, WebSphere Portal treats permissions for nested groups as cumulative.
For example, one group, GlobalMarketing, contains another group, USMarketing. WebSphere Portal treats this as though all members of USMarketing are also members of GlobalMarketing, so members of USMarketing inherit the access rights that are granted to GlobalMarketing members. If GlobalMarketing has view access to the File Server portlet, and USMarketing has view access to the World Clock portlet, USMarketing has view access to both the File Server and World Clock portlets. Joe in GlobalMarketing can access only the File Server portlet, but Susan in USMarketing can access the File Server portlet and the World Clock portlet.
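The inheritance rule above, worked through as an added example (a simplified Python model written for this page, not WebSphere Portal or Member Manager code). The MEMBERS and GRANTS tables are constructed from the GlobalMarketing/USMarketing scenario, the function names are hypothetical, and the walk also handles deeper and cyclic nesting, which goes beyond the two-group case in the text.

```python
# Added illustration: a simplified model of nested-group inheritance,
# not WebSphere Portal or Member Manager code.
from collections import deque

# Constructed sample data mirroring the example in the text.
# MEMBERS maps a group to its direct members (users or other groups).
MEMBERS = {
    "GlobalMarketing": {"Joe", "USMarketing"},
    "USMarketing": {"Susan"},
}
# GRANTS maps a group to the portlets it has view access to.
GRANTS = {
    "GlobalMarketing": {"File Server"},
    "USMarketing": {"World Clock"},
}

def containing_groups(principal, members=MEMBERS):
    """Return every group that contains `principal` directly or through nesting."""
    found, queue = set(), deque([principal])
    while queue:
        current = queue.popleft()
        for group, direct in members.items():
            if current in direct and group not in found:
                found.add(group)      # the visited set also stops cyclic nesting
                queue.append(group)
    return found

def effective_view_access(principal, members=MEMBERS, grants=GRANTS):
    """Union of grants over all groups the principal belongs to (cumulative)."""
    access = set()
    for group in containing_groups(principal, members):
        access |= grants.get(group, set())
    return access

def inherited_only(principal, members=MEMBERS, grants=GRANTS):
    """Access that exists only because of nesting, not direct membership."""
    direct = {g for g, m in members.items() if principal in m}
    direct_access = set().union(*(grants.get(g, set()) for g in direct))
    return effective_view_access(principal, members, grants) - direct_access

if __name__ == "__main__":
    for user in ("Joe", "Susan"):
        print(user, sorted(effective_view_access(user)),
              "inherited:", sorted(inherited_only(user)))
```

When reviewing access, the inherited_only result is the part that does not show up when looking at a user's direct group assignments alone.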
See also
- Security concepts
- Authentication
- Authorization
- External Security Managers
- Set up SSL
- Manage users and groups