|
Home > Archive > WebSphere Portal Server > July 2005 > Portal Security - User Permissions
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Portal Security - User Permissions
|
|
|
| Hello,
I have some questions regarding security and administration.
Whats the proper way to set the security. What I did was to set security on a page, lets say called A, and I thought that the portlets inside that page, would have inherited the security, but I see that they dont, so that I have to set the security for ev
ery portlet in every page.
Is that correct? Is there a better way?
Thanks,
Dan
| |
| Maik Weber 2005-07-22, 8:02 am |
| No, portlets on a page do not inherit the ACL of that page.
Inheritation works for the content model, that means, pages
under your page A have the same ACL if not blocked.
For portlets you have to define the ACL either for every portlet,
or, if they are in the same Portlet APplication, just for that
application. ACL will be inherit to the portlets included with that
application. Ususally, Portlets are not in different applications,
so, you have to setup ACL for every portlet.
Maik
gamesstate@gmail.com wrote:
> Hello,
> I have some questions regarding security and administration.
> Whats the proper way to set the security. What I did was to set security on a page, lets say called A, and I thought that the portlets inside that page, would have inherited the security, but I see that they dont, so that I have to set the security for
every portlet in every page.
>
> Is that correct? Is there a better way?
> Thanks,
> Dan
| |
|
| Maik is correct...security for pages/labels is separate from security for portlets/portlet applications.
Unfortunately, you cannot assign security at the web module level and have it inherit to the portlets since the virtual resource model doesn't work that way. We usually assign security at the portlet application level, which will propogate to the portlet
s.
What you end up with is a combination of security roles, so you will need to coordinate page access with portlet access to get the desired results.
Victor
| |
| Maik Weber 2005-07-28, 2:52 am |
| Yes, you are right. You cannot set ACL at module level and have it
inherit to all portlets. As I said, it is possible at portlet
application level. Inheritance from page to portlets makes no sense
or at least it is very hard to implement, because, what happens if you
have a portlet on different pages.
So, you have to setup a security concept for your pages and your
portlets. At least, usually the concept for pages is less complicated
than the concept for portlets. Example: two persons can see one page
where Portlet A and Portlet B are located. However, person 1 can only
see Portlet A, and Person 2 can only see Portlet B. So, that's why ACL
inheritance does not work for pages -> portlets.
Maik
victor.schaefferkoetter@mutualofomaha.com wrote:
> Maik is correct...security for pages/labels is separate from security for portlets/portlet applications.
>
> Unfortunately, you cannot assign security at the web module level and have it inherit to the portlets since the virtual resource model doesn't work that way. We usually assign security at the portlet application level, which will propogate to the portl
ets.
>
> What you end up with is a combination of security roles, so you will need to coordinate page access with portlet access to get the desired results.
>
> Victor
|
|
|
|
|