Portal Security Administration
Along with a comprehensive development environment, Oracle Portal provides a
centralized administration for the enterprise Portal.

Within the Administer tab you will find the Portal, Portlets and Database sub tabs.

Portal administration will be able to perform the following tasks from these sub
Administer Tab

One of the functions available to the Portal administrator under the administer tab
is the login server administrator. The login server administrator can execute a
number of tasks:

Tasks                      Functions

SSO user accounts          Maintain and edit user accounts
                           (passwords, email addresses,
                           login privileges). Only database
                           or Portal administrators should
                           carry out this function.

Login server               Editing the login server
configuration              configuration settings.

Partner applications       Edit the settings necessary to
                           access partner applications. This
                           may include URLs, logins, and
                           contact information.

External applications      Edit the settings necessary to
                           access external applications.
                           This may include URLs,

Access to Oracle Portal and Oracle database objects is controlled by user
authorization. When a user logs in to Oracle Portal, the authorization method
either accepts or denies the user based on the combination of his or her
username and password.

Since Oracle Portal has mechanisms to web-enable an Oracle database, there
must be database authorization. Grants allow users to access the database
objects that are used to define and build Portal components. The mod_plsql
gateway controls access to the PL/SQL code that is generated from the
development of Portal components. Portal verifies the user's credentials to
ensure that privileges are set to allow access to mod_plsql components.

Keep in mind that every object within Portal must be accessed based on a
set of privileges.

Portal security - Users
When developing an enterprise Portal site, security must be maintained to
provide data protection.
Oracle Portal has built in security features that ensure site integrity at multiple
levels. Security features exist at both the user level and underlying architectural

Oracle Portal maintains security for users, groups, privileges associated to
applications, and objects. The login server is used to authenticate all users
accessing the Portal environment. The functionality of the single sign-on allows
for authentication across the entire enterprise, without having to login multiple


Oracle Portal provides for several different types of users to be created including
the Database, Portal, and Single sign-on users as described below.

Database user
The database user is created to own database objects, components, and

Portal user
The Portal user is created to access Oracle Portal. When the Portal user account
is created, details, preferences and privileges are established with the Portal
framework, for development and administration.

Keep in mind that Portal users are created to access non-public information
within the Portal development environment.

The Portal user account does not hold express privileges to the database, but
rather only to the Portal environment. This is unlike earlier versions of the
product, like WebDB, where a user would have privileges not only to the
development environment, but also to the database. With this in mind, each
Portal user must be associated with a database schema and have privileges to
view and manage pages.

Single sign-on user (SSO)
The single sign-on user has access to all registered applications.

   User Type            Attributes
   Database user        Database objects and components
   Portal user          Portal privileges
   Single sign-on       Access to applications

Portal Users
To create Portal users, click on the Administer tab then the Portal tab. Click on
the Create New User link. Fill in the information about this user. Mandatory
fields have an asterisk * beside them.

Role assignments and privilege assignments are specified here. If the user is
not going to be part of a group, all privileges must be selected here. If the
user is part of a group, additional privileges can be set.

Portal administrators can manage the user from the Portal User Profile portlet.

When a user is created, the administrator must designate preferences. One
is whether or not the user is allowed to log in to Portal. The check box
Allow User to Log On gives the user the ability to log in to Portal as an
authorized user; if it's unchecked, the user will be considered a public user.
Other preferences are set here as well.

Once Portal users have been created, privileges can be set for different types of
objects available in the Portal environment.

Portal Groups
Groups are a collection of users who hold the same privileges. When Oracle
Portal is installed, five default groups are created:

      DBA

The first three are the standard Portal Groups. Assigning users to these
groups is a good way to control access to Portal components by bringing
together users that have common privileges. Review page 325 of your book
for specific privileges on these groups.

To create groups, navigate to the Group portlet and click on the Create New
Group link.

Keep in mind that when users are added to groups, they can be classified as
group owners. Group owners have the authority to modify or delete the group, or
to change the group's membership. A group owner must be a member of the
group itself.

When you assign an Oracle Portal user to a group, the user is automatically
granted all the privileges of the group.

To create an Oracle Portal application, you must be a member of the
on your role. To build a new database schema, you must be a member of
the DBA group or be assigned these privileges specifically.

When creating or editing a group you will get this screen:
You see that you are automatically the owner of the group. You can then add users to
your group. The bottom of this page is similar to the user’s individual roles and
privileges. However, by giving the entire group these privileges, each user
automatically gets them.

Authenticated Users

Authenticated users are not to be confused with other types of groups. An
authenticated user is anyone that logs into Oracle Portal successfully by
providing a valid username and password.


The services portlet provides a number of different options that are useful in
Portal administration.

The Global Settings link is perhaps one of the most important pages under the
Administer Portal tab. Here you can define or edit everything from the default
home page to Portal behavior.

Administer Database Tab

The Administer Database tab is designed to provide Portal Administrators with
the ability to interact directly with the database.

The tab can be viewed as two parts:

   1. Create schemas
   2. Create roles
Interaction with the database

View database information by report

Administer Portlets

Administer Portlets gives access to view all available portlets within the
portlet repository. You can also register remote providers or provider groups.
This allows access to portlets outside of the current portal environment.

Access to Objects

Controlling access to Portal objects can function on several levels. Portal objects
can be classified in two ways, public and private. Public objects are accessible by
anyone, even users who are not logged in to Portal.

Private objects are controlled. Privileges determine to what extent a user or
group of users can interact with the object. Only the creator of the object or
someone with managerial privileges can grant access to the object. In addition,
the global privilege allows complete access to objects of a given type.
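
The access rules described above can be combined into one check. The following is an added example, not Oracle Portal code: a simplified Python model that works out a user's effective privilege on an object from direct grants, group grants, global privileges and the Allow User to Log On setting. The privilege ladder, class names and sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field

LEVELS = {"none": 0, "view": 1, "manage": 2}  # simplified privilege ladder (assumption)

@dataclass
class User:
    name: str
    allow_logon: bool = True                  # the "Allow User to Log On" check box
    groups: set = field(default_factory=set)
    global_privs: dict = field(default_factory=dict)  # object type -> privilege

@dataclass
class PortalObject:
    name: str
    obj_type: str
    creator: str
    public: bool = False
    grants: dict = field(default_factory=dict)  # user or group name -> privilege

def effective_privilege(user, obj, group_globals=None):
    """Highest privilege the user holds on obj from any source."""
    group_globals = group_globals or {}
    found = ["view" if obj.public else "none"]
    if not user.allow_logon:
        return found[0]                       # treated as a public user
    if obj.creator == user.name:
        found.append("manage")                # modelled: the creator may grant access
    found.append(obj.grants.get(user.name, "none"))
    found.append(user.global_privs.get(obj.obj_type, "none"))
    for g in user.groups:                     # group privileges are inherited
        found.append(obj.grants.get(g, "none"))
        found.append(group_globals.get(g, {}).get(obj.obj_type, "none"))
    return max(found, key=LEVELS.__getitem__)

def can_grant(user, obj, group_globals=None):
    return effective_privilege(user, obj, group_globals) == "manage"

def demo():
    # Constructed sample data: users, group and objects are hypothetical.
    report = PortalObject("salary_report", "report", "alice",
                          grants={"HR_DEVS": "view", "carol": "manage"})
    home = PortalObject("home", "page", "alice", public=True)
    users = [User("alice"), User("bob", groups={"HR_DEVS"}),
             User("carol", allow_logon=False),
             User("dave", global_privs={"report": "manage"})]
    return {u.name: (effective_privilege(u, report), effective_privilege(u, home),
                     can_grant(u, report)) for u in users}

if __name__ == "__main__":
    for name, row in demo().items():
        print(name, row)
```

In the sample data, carol holds a direct manage grant but cannot log on, so she is evaluated as a public user; dave has no grant on the report at all but reaches it through a global privilege on the object type. Both cases are worth checking for when reviewing who can actually reach a private object.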

Allowing Application Objects to be exposed as a

To allow forms, reports, charts, etc. to be inserted into a page, you must grant
privileges (check ‘Expose as Provider’) to your application first, then to each
component built within the application. To do this:

   1. Select the ‘Grant Access’ option listed beside your application.
   2. With 10g, the ‘Expose as Provider’ and ‘Inherit Privileges’ options are
      checked by default. Verify this.
   3. Go into your application by selecting the name of the application.
   4. Repeat steps 1-3 for each object within the application that you would like
      to be able to put on a page.

Object within Provide page:
Provider Grant Access page

Testing your Access
  1.  Select ‘My Pages’ from the Pages tab.
  2.  Select ‘Edit’ from one of your test pages.
  3.  Select the ‘add portlet’ icon from one of your portlet regions.
  4.  Select Portlet Repository.
  5.  Select Portlet Staging area.
  6.  Select the name of your Provider/Application
  7.  Select some of the objects listed in your provider.
  8.  Make sure they show up in the ‘Selected Portlets’ region after being
  9. Select OK, then Close.
  10. Now, select your page (view page) to make it run.
  11. Verify that the objects you selected show up on the page.
