84 Document Management Using WebSphere Portal V5.0.2 and DB2 Content Manager V8.2
2.6.1 WebSphere Portal authorization
WebSphere Portal administrators configure access to portal resources (for
example, pages and portlets) by assigning users or groups to access roles. The
application supports fine-grained access control over resources, and users can
interact with (view, edit, manage, and so on) only those resources for which
they have appropriate access rights (for example, role-based content and services).
When rendering a resource, WebSphere Portal verifies that the user has
appropriate rights to use the requested resource. Access rights are administered
through the User Group Permissions and Resource Permissions portlets and
stored in the WebSphere Portal database by default (application-specific).
Other than the requirement for a successful authentication, authorization is
independent of WebSphere Application Server or any custom authentication
proxy. WebSphere Application Server protects servlets and enterprise beans, but
WebSphere Portal protects its own internal resources, such as pages and
portlets.
In WebSphere Portal V5.0, access control is based on roles. A role combines a
set of permissions with a specific WebSphere Portal resource. This set of
permissions is called a role type. You can assign roles on virtual resources and
on resource instances. Resource instances are specific resources, such as a
single portlet or page. Virtual resources are a unique resource type that has two
functions:
- They protect sensitive operations that affect the entire portal or specific
  concepts in the portal. For example, the XML configuration interface virtual
  resource protects the ability to execute scripts through that XML configuration
  interface.
- They are parent resources for all resource instances. For example, role
  assignments on the Web Modules virtual resource permit access to all Web
  modules in the portal.
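The role model described above can be sketched as follows. This is an added example, not WebSphere Portal code: the role types and their permission sets are simplified assumptions, and the users, group, and module names are constructed sample data. It shows a role as a role type bound to a resource, and a role on a virtual resource covering every resource instance beneath it.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed, simplified role types: a role type is a named set of permissions.
ROLE_TYPES = {"User": {"view"}, "Editor": {"view", "edit"},
              "Manager": {"view", "edit", "manage"}}

@dataclass(frozen=True)
class Resource:
    name: str
    parent: Optional["Resource"] = None  # virtual resource acting as parent

class AccessControl:
    def __init__(self):
        self.roles = {}   # (principal, resource name) -> role type names
        self.groups = {}  # user -> groups the user belongs to

    def assign(self, principal, role_type, resource):
        """A role = role type + resource, assigned to a user or group."""
        if role_type not in ROLE_TYPES:
            raise ValueError(f"unknown role type: {role_type}")
        self.roles.setdefault((principal, resource.name), set()).add(role_type)

    def allowed(self, user, action, resource):
        """Check the resource, then each parent; deny if no role grants the action."""
        principals = {user} | self.groups.get(user, set())
        node = resource
        while node is not None:
            for p in principals:
                for rt in self.roles.get((p, node.name), ()):
                    if action in ROLE_TYPES[rt]:
                        return True
            node = node.parent
        return False

def build_sample():
    """Constructed sample data: resources, users and group are hypothetical."""
    web_modules = Resource("Web Modules")                 # virtual resource
    xml_access = Resource("XML configuration interface")  # virtual resource
    mod_a = Resource("module-a.war", web_modules)         # resource instances
    mod_b = Resource("module-b.war", web_modules)
    acl = AccessControl()
    acl.groups["alice"] = {"deployers"}
    acl.assign("deployers", "Manager", web_modules)  # covers every Web module
    acl.assign("bob", "User", mod_a)                 # one instance only
    return acl, {"web_modules": web_modules, "xml_access": xml_access,
                 "mod_a": mod_a, "mod_b": mod_b}
```

In this sketch a role on one virtual resource grants nothing on another, so the group role on Web Modules does not reach the XML configuration interface.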
2.6.2 DB2 Content Manager authorization
In DB2 Content Manager, each user is granted a set of privileges that define the
maximum possible authorizations (application-specific operations) a user can
perform. The user’s effective access rights will never exceed the user defined
privileges.
Note: Additional information can be found in the WebSphere Portal InfoCenter,
which is also available on the following Web page:
http://publib.boulder.ibm.com/pvc/wp/502/ent/en/InfoCenter/index.html