ACL - ILS (Item Level Security) for Content Server & WebCenter Spaces

Similar Messages

• ACL - ILS (Item Level Security) for Webcenter Spaces

  We're trying to implement Item Level Security (ILS / ACL) for Webcenter spaces. We're following the instructions from the Oracle® Fusion Middleware Administrator's Guide for Oracle WebCenter 11g Release 1 (11.1.1.5.0) http://docs.oracle.com/cd/E15586_01/webcenter.1111/e12405.pdf
  After making the configuration changes, we're unable to see the "Security" option from the "File" menu in the Document explorer. Has anyone else implemented this feature and ran into similar issues?
  Also, we're looking at the document properties in webcenter spaces via document explorer and do not see the "security group" or "accounts" metadata fields. We can see the "Content ID" and a whole bunch of fields and do not see "security groups" and "accounts". However, when we log into the content server and look at the folder or file "info" we can clearly see the security group and account values...not sure what is required to make these two fields show up in webcenter spaces.

  Hi ,
  Do you upload the documents from spaces or from UCM side ?
  When you say the security and account field are not displayed , is that when viewing the content or during update ?
  When the ACL features are turned off do you see the above fields ?
  Thanks
  Srinath

• Item level security for custom items in 902

  I've created several custom item types and created some items in a page
  that enables Item Level Security.
  Enabling item level security on any of these items cause
  Error 30694: Error in API - update item failed
  Steps:
  1. Create custom item type
  Extended simple text type
  added image attribute
  2. Create custom item
  3. Edit custom item just created
  Select Access / Item Level Security
  Select Define Item Level Access Privileges
  Hit Apply or OK
  -> Error 30694: Error in API - update item failed
  Same error is using a "Image" item type.
  The above steps do not cause an error if using the default types; e.g. Simple Text and Simple URL
  Also tried promoting the item type so its shared. No effect.
  Is item-level security only for base "simple" item types??? If so then this is a MAJOR restriction.
  Any help would be greatly appreciated.
  --jason mathews                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       

  Hi Jason
  I filed a bug on this. See 2529787
  I narrowed the problem down to custom item types that have a file or image attribute and only when the item is edited by someone other than the orginial publisher.

• Access Tab not showing for item level security

  I have enabled item level security for the portal page I am working on, but the access tab for the items is not showing.
  I have come accross exactly the same problem on this forum and the advice was:
  Hi try the following :
  go to page properties
  set the item level security
  clear the cache
  clear your browser cache
  it should work "
  I have tried all that, closed and opened a browser but the access tab is still not showing. This is a 10.1.4 portal on LINUX. Starnge enough I have a testing environment installed on my Windows XP (AS 10.2.0.2 not upgarded to 10.1.4) and I don't have any issues with item security access tab at all.
  I would appreciate any clues.
  Regards,
  Anna

  There should be two icons shown for each item when you put the page in Edit mode - Edit and Actions. Click on the Actions icon and "Access" should be one of the links in the list of actions (like hide, expire, delete, move, etc.)

• Enabling item level security

  Hi,
  We are using portal version 3.0.9. We are trying to implement security at the item level and have super-user rights. According to <http://portalstudio.oracle.com/help/sblgrapi.htm>, if you scroll all the way to the bottom it says that "You cannot enable item level security for items in the Portlet Repository content area." I am assuming that this Portlet Repository content area is referring to the Administer->Display Portlet Repository ->Seeded Providers -> Portal Content Area -> Content Areas
  The items that we want to secure are currently in the folder called "other providers" but I can also access the items from within the portal repository content areas.
  So far I have been specifying access to the page, the category, the folder, and the item, and when I log in as a view only user I still can see things that I shouldn't. Perhaps, it is because it is somehow still in the repository?
  I think that I am missing a step somewhere. I have cleared inherit privileges and enable item level security wherever I could find that option while editing. Has anyone successfully added security to even a folder?
  Thanks in advance.
  Best Regards,
  Lindsay

  Lindsay,
  I'm not sure if this is what you are looking for, but you can secure access to portlets that are shown in the portlet repository
  through the Access tab that is available when you "Edit" the portlet entry in the Edit Folder view of the Portlet repository.
  [ol]
  [li]Go to the portlet repository
  [li]Navigate to the appropriate folder
  [li]Edit the folder
  [li]Click on the Edit link beside the portlet of interest
  [li]Click on the Access tab
  [li]Turn on access control and specify privileges on the portlet.
  [ol]
  See if this is what you are looking for, or let me know if I'm off base.

• Item Level Security, Portal 10.1.4, Search

  I'm working on a project that uses ILS (item level security) in portal 10.1.4.
  I need a custom search portlet that retrieves all the items that can be viewed by a certain group.
  Explicitly, if there are 3 items: I1, I2, I3, and 3 groups G1, G2, G3, having the view permissions distributed like below:
  for I1 - any user from G1 and G2
  for I2 - any user from G2,
  for I3 - any user from G1, G3
  I want to be able to select all the items for a certain group - say G1 will retrieve I1 and I3 ; or G2 retrieves I1 and I2;
  Can this be done in a custom jpdk portlet ? If not, is there any other alternative to achieve this ?
  Thank you,
  Claudiu

  Well the URl is relative to the initial path and as a result you do not get the fully qualified URL.
  This is done in this way to help create human readable URL's and thus should not be tied to a machine name and port and could be just xyz.com/.....

• Item level security not available to accounts with manage content?

  Though I'd post this here before trying metalink.
  Environment: App Server Portal 9.0.4 (10g) on Win200
  The scenario:
  I have set up a page with one item area. This is set to be a portlet on another page and act as a message board.
  I wish to set up a group of users to maintain this message board, but restrict their access any further.
  Setting a user up with 'Manage Content' on the Page properties almost does this. It allows them to Enter/Edit/Move or delete items but pretty much no more which is exactly the level of access I require.
  What it doesn't allow, when they add or edit an Item, is the ability to change Access permissions.
  The page has 'item level security' ticked, and a user with higher 'Manage' access can set access permissions on items, for example only allowing a certain group viewing an item, but it also allows them to manipulate the page which I do not want to permit.
  Is it possible that 'Manage Content' level users can also set access on items?
  Thanks.

  Resolved, it appears that access can be set after item creation using the edit. a little quirk.
  Also I was trying to set access on an item created by the 'manage' user, which was beyond the 'manage content' users scope, and not a practical situation.

• Item division level security for VB01,VB11,VBN1 and VK11

  Hi,
  I have a security requirement to have division level security for tcode VB01. Need some help here.....
  Scenario is that we have two users belonging to two different divisions. Both have authorisation for VB01 but we need to restrict access such that user from one division should not be able to update record for material to which division he dosent belong to....hope this is clear....
  vibhas

  Hi Vibhas,
  You can restrict the division with object V_KONH_VKO
  in PFCG
  hope this helps
  thanks
  kishore

• Item Level Security problem

  Hi forum,
  I have a page group in portal 10.1.4 say pagegroupA with several sub pages beneath it. Item level security (ILS) has been enabled for the page group and the option display page to public is checked. I am trying to enable ILS such that if userA posts to any page in this pagegroup, he should be able to see only his content. Similarly, userB should be able to see only the content that he posts. UserA is a member of groupA and userB is a member of groupB. I am using the enable_ils_for_item and add_item_ils_privileges API to achieve this.
  <p>
  Wwsbr_Api.enable_ils_for_item( p_master_item_id => masterthingid, p_caid => pagegroupA_ID, p_folder_id => someSubPageInPagegroupA_ID );
  portal.Wwsbr_Api.add_item_ils_privileges(
                                                              p_master_item_id => masterthingid,
                                                              p_caid => pagegroupA_ID,
                                                              p_folder_id => someSubPageInPagegroupA_ID,
                                                              p_itemview_group =>arrayOfgroupA_ID );
  This seems to work in that when the user logs out of portal, the item is not displayed to the public. However, when userA logs in, he can see items posted by userB and vice versa (userB can see userA's items). Am I missing something either in the code, page group configuration or user setup?
  Thanks

  I recommend you using the wwsbr_api only for managing content (that includes enabling the ILS for a page). But for assigning privileges to items, pages, whatever, I recommend using wwsec_api (set_user_acl, set_group_acl, etc). It is more reliable.
  PS: This would be a good post for a more specific forum: Portal Developer Kit (PDK)

• Item Level Security not working with Tabs

  I've Portal 9.0.2.2.22
  This issue is with Item Level Security with Tabs. Here is what I've have:
  Page Group: MyPagegroup (Privs: portal => Manage All)
  Page: MyTestPage (Privs: portal => Manage All,
  testUser => View)
  There is a tab called MyTab on page MyTestPage which has two items (simple images) image1 and image2. The tab's access privs have been set NOT to inherit from the page. The public check box has not been checked for the tab. I've specifically assigned access privs to the tab.
  Now here are the two scenarios that I'm having problem with:
  1) MyTab (portal => Manage All, testUser => view)
  image1 (ILS enabled: portal => Manage All)
  image2 (ILS enabled: portal => Manage All,
  testUser => View)
  When logged in as "testUser", I still see both the images on MyTab although image2 doesn't have view priv to testUser. My expected result is to see just image2 on the tab.
  2) MyTab (portal => Manage All)
  image1 (ILS enabled: portal => Manage All,
  testUser => View)
  image2 (ILS enabled: portal => Manage All)
  When logged in as "testUser", I still see NO images on MyTab although image1 has view privs to testUser. I would expect to see image1 on the tab.
  Question: In both the above cases, the tab privs seem to be dictating what the user sees regardless of what the item level privs are set to. Is this normal behavior or a bug? If a bug, is there a patch? Is there any way so that even after setting the tab privs, I still have finer control of what the user can access through item level privs?
  If I don't put the items under a tab, then things work as expected.
  thanks
  Lalit Agarwal
  Vienna, VA
  703-521-5200 x3610

  This is a known problem with the 9.0.2 release - fixed in 9.0.2.6.
  Regards,
  Jerry
  PortalPM

• Item level security, workflow and tab problems

  was wondering if someone could help us out with some problems we are having. We need to up and running over the next two days so anyone who could get back to us pretty quickly would be greatly appreciated.
  We are actually having a couple of issues which all revolve around three
  groups we have created (for simplicity we have only attached one user to each group). Here are the steps we took:
  Problems adding content:
  a) Added the three groups to the page group and gave them view access.
  b) Turned on approvals and set group3 as the approver.
  c) Added the three groups to the page and gave them view access.
  d) In the page properties, I enabled item level security.
  e) Added an item content area to the page.
  f) Added three pieces of simple content
  g) For content item1 I granted granted full access to group1(Own, manage, view), for content item 2 I granted full access to group2, etc.
  h) WHen I log on as a user in group1 I only see content item1. HOwever, when I edit the page I find I cannot add any items as user1.
  i) I went back to the page properties and changed the access of all three groups to "manage items with approval" but let the item level security as it was.
  j) When I logged on as user1 I found I could see all items now when I should only have seen content item1. What the hell? Can anyone tell me what I did wrong?
  Problems with item level security on tabs:
  a) Repeat steps a) through d) above.
  b) Create a content region and add three tabs: Home, Work, Life.
  c) On the Work tab changed portlet region to item region.
  d) Added three items with security exactly as I did above.
  e) When I signed on as user1 I saw all three items when I only should have seen item1. What the hell?
  f) I monkeyed around with the secutiry at the tab level but it didn't seem to make much difference. ANyone have any ideas what is going on here?
  Thanks in advance.

  Does the library have versions enabled? Also are these logins occuring within word/excel etc?
  If there's multiple login prompts which occur even if entering valid credentials what does hitting escape (after the first prompt) achieve, does the document open anyway?
  There's a situation where Office will prompt for credentials if you open a document when you've only got read access but there's a version history (to which you don't have access). This is to allow you to enter more highly privelidged credentials if you
  want to.

• How programmatically "enable" the Page to have Item level security

  Some body known how do we programmatically "enable" the Page to have
  Item level security. - analogous to checking the box in the Page edit mode for "Enable item level security"

  Hi, I only know portal.wwsbr_api.enable_ils_for_item.....
  You can perform actions on multiple objects simultaneously.
  Navigator > Page Groups(TAB) > PageGroup > Page > actions(link)
  Click on actions link and in LOV, select "Enable ILS".
  Hope this help.

• Categories and Item Level Security

  Hi,
  We have implemented item level security on our pages. We also use Categories so that a user can retrieve all content that falls into a particular category easily e.g. address books or Policies and Procedures.
  The desire is that if a user clicks on a category and an item the user normally would not see because of item level security on the page where the content is located, then the user should not see that item among all the other items returned by the category search.
  What is happening is either that a link to the item is returned among all the other items in the category or we get an access error for the entire category.
  We have tried playing with the settings on the template used for the category and with the access on the category result page but have not found the magic bullet yet.
  One other interesting behavior in the situation where the restricted item is visible in the returned category search is that clicking on the Page link (instead of showing the page group the item is on, we show the link of the page the item is on)it takes us to the page and the display link for the secured item is now visible followed by what looks like a "smudge" type of character. The item's link can then be clicked and the item's content is now available to the user.
  Thanks in advance for any help,
  Peter

  Tabs don't work with Item Level Security in 9.0.2. Fixed in the upcoming 9.0.2.6 release.
  Regards,
  Jerry

• Change item level security using wwsbr_api.modify_item

  Hi.
  Im using wwsbr_api.modify_item for change item level security.
  Its code for change type access for item of my procedure
  l_masterid := portal30.wwsbr_api.modify_item(
  p_master_item_id => 7061,
  p_item_id => 7062,
  p_caid => 136,
  p_folder_id => 1,
  p_display_name => 'test',
  p_region_id => 5,
  p_access_level => portal30.wwsbr_api.item_access,
  p_text => 'test change item security',
  p_addnewversion => true, -- My content area have item versioning
  level is audit
  After execute my procedure access type = folder.
  I see in wwv_things table new record
  masterthingid = 7061,
  id = 7064,
  security = 'folder'
  How to change item level security programmatically?
  Thanks

  Jerry,
  Please forgive me for persisting with this, and thankyou for your continued patience, but let me try to explain the issue I'm having in another way...
  I have a function that calls wwsbr_api.modify_item to change, say, the description. In this case "description" is the one and only thing I want to change about the item. As you've described above, I am able to query most things associated with the item (via wwsbr_all_items, wwsec_api.grantee_list, etc) so that I can pass current values to the wwsbr_api.modify parameters. However, I haven't found a way to query the current level of access control for a given item (i.e. wether it is currently set to ITEM_ACCESS, FOLDER_ACCESS, or null). As documented, I can force the item to be ITEM_ACCESS or FOLDER_ACCESS. However, I don't want to force a value and as we have concluded, passing null will nullify the current state.
  So, in summary, an answer to this question will solve my problem:
  Is it possible to query the current access control level of an item (either directly via one of the published views or indirectly via one of the views)?
  If the answer is yes - great that solves my problem. How please?!?!?
  If the answer is no - this must be a bug is it would mean that it isn't possible to use wwsbr_api.modify_item without inadvertently altering the current access control level of the item.
  Again thanks for your patience...
  Mark

• Item level security apis

  Hello:
  Requesting clarification on a Content API question in 10G
  Using the APIs, I have created a Page and an item heirarchy in the same page. Now in order to assign item level security, I need to call the following API to "enable" item level security on the specified item -
  wwsbr_api.enable_ils_for_item(
  p_master_item_id => v_category_id2a
  ,p_caid => v_page_group_id
  ,p_folder_id => v_new_page_id);
  However, this throws an exception wwsbr_api.ILS_DISABLED
  meaning -
  "The page does not allow Item Level Security.
  Cannot add item specific privileges."
  But, how do we programmatically "enable" the Page to have
  Item level security. - analogous to checking the box in the Page edit mode for "Enable item level security"
  Thanks
  -Ananth

  I'd appeciate a reply as well. For now I've been using content as a PL/SQL stored procedure in a package and then wrapping is_logged_in code around it. It works but isn't cusomizable.