The user management engine (UME) uses UME actions to enforce authorizations. An action is a collection of Java permissions that define which activities a user can perform. UME actions can be assigned to UME roles or portal roles. If a role with a UME action is assigned to a user, the user gains the authorizations provided by the action. The UME verifies that users have the appropriate UME actions assigned to them before granting them access to UME iViews and functions. Other applications can also define or check for actions.
The following table lists the UME actions assigned to portal roles by default.
Portal Roles with Default UME Actions
Portal Role | Assigned UME Actions |
Delegated User Administrator | UME.Manage_Users UME.Manage_Role_Assignments |
Every User Core Role | UME.Manage_My_Profile |
Standard User Role | UME.Manage_My_Profile |
Super Administrator | UME.AclSuperUser UME.Manage_All |
System Admin | UME.System_Admin |
User Administrator | UME.Manage_All |
Some UME actions are defined specifically for the portal environment:
· UME.AclSuperUser
· UME.Manage_Role_Assignments
· UME.Remote_Producer_Read_Access
· UME.Remote_Producer_Write_Access
Integration
In the portal, you can assign UME actions to portal roles with the Role Editor. Each UME action is listed as a property in the Property Editor for roles. Set an action to Yes to assign it to the portal role and change the role's authorizations. This information is recorded in the Portal Content Directory (PCD), which is why you cannot use the delete function of identity management to remove actions from a portal role. When try to delete the role with identity management, the UME only removes the user and group assignments. You must edit the role manually either in identity management or the Role Editor.
Comments (0)
Post a Comment