OracleAS Portal Developer Kit (PDK)
Securing the Edit Provider UI

Creation Date:	November 17, 2003
Status:	Production
Version:	PDK Release 2 (9.0.4.0.2 and later)

Introduction

While configuring the providers, you will come across steps where you need to edit the provider. The UI displayed when you edit the provider in standalone OC4J installation is not secured. This UI can be secured only for OC4J instance deployment in OracleAS.

Securing the UI

The UI is secured with OracleAS Single Sign-On. The param-value for oracle.webdb.providerui.securedAccessParam in:
$ORACLE_HOME/j2ee/OC4J_Portal/applications/portalTools/providerBuilder/WEB-INF/web.xml defines whether the UI is secured or not. If set to true, the UI is secured (default for OracleAS installation). If set to false, it is not protected (default for standalone OC4J installation).

After this, you should edit $IAS_HOME/j2ee/OC4J_Portal/applications/portalTools/providerBuilder/WEB-INF/deployment_providerui/provideruiacls.xml file ( replace OC4J_Portal with OC4J instance in your OracleAS installation where you have deployed Portal Tools application) -
In this file, you can grant privileges to various users.
Here is a sample provideruiacls.xml file:

<providerui xmlns="http://www.oracle.com/portal/providerui/1.0">
<objectType name="ALL_OBJECTS">
<object name="ANY_PROVIDER" owner="providerui">
<user name="any_provider_manager_user" privilege="500"/>
<user name="any_provider_edit_user" privilege="400"/>
<user name="any_provider_execute_user" privilege="300"/>
</object>
</objectType>
<objectType name="PROVIDER">
<object name="TEST_PROVIDER" owner="providerui">
<user name="provider_manage_user" privilege="500"/>
<user name="provider_edit_user" privilege="400"/>
<user name="provider_execute_user" privilege="300"/>
</object>
</objectType>
</providerui>

You can define the privileges at global level or at object level.

These are the global level privileges (as shown in the sample file above):

any_provider_manage_user - can create/edit/delete/open any provider and portlets under them.
any_provider_edit_user - can create/edit any provider and execute the portlets under them.
any_provider_execute_user - can open any provider and execute the portlets under them.

These are the object level privileges (as shown in the sample file above):

provider_manage_user - can edit/delete/open the provider called "TEST_PROVIDER" and the portlets under it.
provider_edit_user - can edit the provider called "TEST_PROVIDER" and execute portlets under it.
provider_execute_user - can open the provider called "TEST_PROVIDER" and execute portlets under it.

After granting appropriate privileges, you will need to restart your OracleAS instance.

Revision History:

Revision No	Last Update
1.0	October 21, 2002
2.0	November 17, 2003

Oracle Corporation
World Headquarters
500 Oracle Parkway
Redwood Shores, CA 94065, USA
http://www.oracle.com/

Worldwide Inquiries:
1-800-ORACLE1
Fax 650.506.7200

OracleAS Portal Developer Kit (PDK) Securing the Edit Provider UI

Introduction

Securing the UI

OracleAS Portal Developer Kit (PDK)
Securing the Edit Provider UI