
Example: Portal security schema

 

The portal security descriptor describes application roles for a portal application and maps those roles to actual users and groups of the console. The following example shows the ibm-portal-security.xml for the page layout sample.

 

Description of the portal security elements

<ibm-portal-security/>

Root element of the portal security descriptor. This element contains the following element.

<application-role/>

Optional and multiple allowed. Specifies an application role for the portal application. An application role maps a set of permissions, or role type, to a specific resource defined in the application's topology descriptor. The following attribute is used with this element.

uniqueName

Required. Specifies the administrative role for this application. The role can be one of the existing roles that are provided by the application server or you can specify a new role for the application that is created during deployment.

  • When you specify one of the application server roles, make sure you use all lower case (for example, administrator, operator, monitor, or configurator) rather than the initial capitalization that appears in the console interface (Administrator, Operator, Monitor, or Configurator). If there is a mismatch in upper or lower casing (MOnitor instead of monitor), then the role cannot be created.

  • When you specify a new role for an application, use lowercase characters as a guideline.

  • The console also provides the "all authenticated portal users" virtual role. Resources that carry the "all authenticated portal users" permission are available to every authenticated user.

  • When you specify a new role, it inherits the access rights of the monitor role when it is created. A user with the new administrative role has access to the same resources as a user with the monitor role.

  • When you specify a resource in the topology descriptor without protecting it with an administrative role or virtual role, it becomes unavailable to any role.

To guarantee uniqueness, see Console module elements - guidelines for unique identifiers.

The following element makes up the content of the application role.

<portal-role/>

Optional and multiple allowed. Associates a resource with a role type. The role type determines what actions a user can perform on that resource. The following attributes can be used with this element.

object-ref

Unique name of a resource in the topology descriptor. For this release, only portlet entities and navigation elements are supported.

role-type

Set of actions the user with this role type can perform on the resource. For this release, role-type has meaning only for portlet entities. The following values are allowed for this release (case-sensitive):

  • User

    A user with this role type is allowed to view the resource and access help.

  • Privileged User

    A user with this role type is allowed to view the resource, edit preferences, and access help.

These role mappings cannot be changed through the console. Instead, you can update the descriptor in its extracted location on the server. You must delete and redeploy the application to cause the changes to take effect.

The console module samples provide examples of how to develop the elements of the portal security descriptor.
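As an added example (not part of the product documentation or its samples), the following Python lint checks a descriptor against the rules described above before redeployment: casing of uniqueName, the case-sensitive role-type values, and resources left without any role mapping. The sample descriptor, the resource names, and the `lint` and `local` helpers are constructed for illustration; the topology resource names are assumed to be supplied by the caller.

```python
import xml.etree.ElementTree as ET

SERVER_ROLES = {"administrator", "operator", "monitor", "configurator"}
ROLE_TYPES = {"User", "Privileged User"}  # case-sensitive values from the page

# Constructed sample descriptor (hypothetical names, no namespace declared).
SAMPLE = """<ibm-portal-security>
  <application-role uniqueName="MOnitor">
    <portal-role object-ref="com.example.sample.portlet.A" role-type="User"/>
  </application-role>
  <application-role uniqueName="com.example.sample.auditor">
    <portal-role object-ref="com.example.sample.portlet.B" role-type="privileged user"/>
  </application-role>
</ibm-portal-security>"""

def local(tag):
    # Drop an "{namespace}" prefix if the descriptor declares one.
    return tag.rsplit("}", 1)[-1]

def lint(xml_text, topology_resources):
    """Return a list of (severity, message) findings for a descriptor."""
    findings, protected = [], set()
    root = ET.fromstring(xml_text)
    for role in (e for e in root if local(e.tag) == "application-role"):
        name = role.get("uniqueName")
        if not name:
            findings.append(("error", "application-role without uniqueName"))
            continue
        if name.lower() in SERVER_ROLES and name != name.lower():
            findings.append(("error", f"{name}: server role must be all lower case"))
        elif name != name.lower():
            findings.append(("warning", f"{name}: new roles should be lowercase"))
        for pr in (e for e in role if local(e.tag) == "portal-role"):
            ref, rtype = pr.get("object-ref"), pr.get("role-type")
            if rtype is not None and rtype not in ROLE_TYPES:
                findings.append(("error", f"{name}: invalid role-type {rtype!r}"))
            if ref not in topology_resources:
                findings.append(("error", f"{name}: unknown object-ref {ref!r}"))
            else:
                protected.add(ref)
    for res in sorted(set(topology_resources) - protected):
        findings.append(("warning", f"{res}: no role mapped, unavailable to any role"))
    return findings

if __name__ == "__main__":
    topo = {"com.example.sample.portlet.A", "com.example.sample.portlet.B",
            "com.example.sample.portlet.C"}  # constructed topology names
    for sev, msg in lint(SAMPLE, topo):
        print(sev, msg)
```

Run against the constructed sample, it reports the miscased server role, the miscased role-type, and the one resource that no role protects.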


 
