Custom Document Security in Oracle WebCenter Portal 12c
By: Greg Becker | Splunk Consultant, Team Lead
During a recent project, a customer had business units that had a requirement to provide more granular security in the Documents hierarchy than the out-of-the-box WebCenter Portal 12c product can accommodate. For this project, we used the security features that are available within WebCenter Content using document accounts and security groups. With this approach, all that we had to do was configure a unique folder entry point from Portal into Framework Folders within Content and the remainder was simply configurations within WCC. The remainder of this document outlines that process.
This approach requires configurations in various locations:
- Group membership in the Identity Management store
- Security Accounts and Security Groups in WebCenter Content
- Credential map settings in WebCenter Content
- Folder security settings in WebCenter Content
Group Membership:
From an Administrative perspective (AD/LDAP)
- Create the new AD/LDAP group naming, come up with a consistent naming convention and use any existing suggestions from the AD/LDAP team
- Get the groups created and assign users to the groups.
- Login to the appropriate Identity Management tool
- Create a new group and assign users to that group
- Name the new group
- Assign users to the new group
- Click “Create” to create the new group with selected users
- Repeat for any additional groups that are required
Create the new Security Accounts in WebCenter Content:
- Login to WebCenter Content as an administrator
- Navigate to Administration -> Admin Applets
- Start the User Admin applet
- Choose Security -> Predefined Accounts
5. Add the new accounts to accommodate the defined folder structure. Below is an example structure:
Update the Credential Map in WebCenter Content:
- Login to WebCenter Content as an administrator
- Navigate to Administration -> Credential Maps
- Choose the appropriate credential map to modify
- In this example we will copy the Allowancing section and make the appropriate edits (this is where the IdM group maps to UCM accounts and security groups)
5. Add the new entries for the new folder
6. Click Update to save
Add the new folder with security attributes in Content UI for WebCenter Content:
- Login to WebCenter Content UI as an administrator (https://<WebCenter Portal>/wcc/faces/wccmain)
- Navigate to the appropriate top-level folder already assigned to the portal that you are working with:
3. Click the icon in the upper right to create a new folder
4. Name the folder HAZMAT and click Save
5. In the folder tree right-click on the new folder and choose Properties to modify the security for the folder
6. In the Folder Properties dialog box switch to the Security tab and ensure that the new account is selected and then click Save
Validation
At this point, you should be able to login with the users that you assigned to the new group in IdM and verify that they see the appropriate new folder. Logging in with the new user shows the following folder result:
Specify the starting folder within WebCenter Content:
When you have created your folders and set permissions within WebCenter Content you can then specify the starting folder within your Portal – this is the key to taking advantage of the custom security. The following image shows where the configuration happens for the Content Manager.
Migration:
After you have configured this solution in a test environment you can use the following guidelines to migrate from one environment to another.
- Migrate AD/LDAP groups and user configs as needed
- Use CMU bundles inside Content to migrate security accounts (or re-create manually)
- Copy over Credential Map
- Use Archiver to move the folder structure to PROD
- Use Archiver to move the entire batch of content if it was moved into the TEST environment
- Alternatively, only do some test content and only contribute ‘real’ content when PROD is ready
- Validate
Want to learn more about custom document security in Oracle WebCenter Portal 12c? Contact us today!