W.ZH Dec 2013
To map external users and groups to UCM roles, you need to use Credential Maps. With a credential map, a user who logs in through WLS to access UCM content can be mapped to a role inside UCM, by the group or by the user name defined in WLS or in an external LDAP.
User “editor1” is in the “Editor” group (you can use the administrator group too) in the embedded LDAP of WLS. There is a piece of content in the UCM server, located in the “Public” security group, created by the “weblogic” user. By default, content in the “Public” security group can be read by any user. To edit this content, however, you must have at least the “contributor” role in UCM. User “editor1” is an external user to UCM and has no role information in UCM by default. When you log in as editor1, it has the “guest” role by default, which can read content in UCM. If we want editor1 to have more permissions on content, we need to map the “Editor” group to the “contributor” role in UCM.
1. Suppose you have created user “editor1” in the “Editor” group in the embedded LDAP of WLS.
2. On UCM – Administration – Credential Maps, add a map (e.g. testMap) and put in the following mapping content:
(If you want only one user to be mapped, you should use:
&editor1, contributor )
3. Save/update the map changes.
4. On the UCM server, navigate to <domain_home>/ucm/cs/data/providers/jpsuserprovider and open provider.hda in edit mode.
Add “ProviderCredentialsMap=testMap” before the end.
5. Save the file and restart the UCM server. Make sure that WLS admin is running as well, since it is needed for the UCM JPS provider to be up.
6. After UCM is restarted, log in as user editor1.
7. After user editor1 logs in, you can try the check-in and check-out content features.
8. If you are running the WebCenter application, the contributor role in fact gives you the ability to edit content in the content-related task flows; for example, you can use Ctrl+Shift+C to switch the ADF page into contribute mode and edit it on the web page.
9. By a similar method, an external LDAP user’s group can be mapped to a UCM role too.
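The provider.hda edit from step 4 can be scripted so that it is repeatable and never leaves two conflicting map names in the file. The following is an added example, not code from the original post or from Oracle; the sample file content is constructed, and the assumption that settings sit between an `@Properties LocalData` line and its `@end` line should be checked against your own provider.hda.

```python
# Added example: constructed provider.hda content, not taken from a real server.
SAMPLE_HDA = """<?hda version="example" jcharset=UTF8 encoding=utf-8?>
@Properties LocalData
ExampleSetting=1
@end
"""

KEY = "ProviderCredentialsMap"


def set_credentials_map(hda_text, map_name):
    """Return (new_text, action); action is 'added', 'updated' or 'unchanged'."""
    lines = hda_text.splitlines()
    # Assumption: settings live between '@Properties LocalData' and its '@end'.
    try:
        start = next(i for i, line in enumerate(lines)
                     if line.strip() == "@Properties LocalData")
        end = next(i for i in range(start + 1, len(lines))
                   if lines[i].strip() == "@end")
    except StopIteration:
        raise ValueError("no complete '@Properties LocalData' section found")

    wanted = f"{KEY}={map_name}"
    existing = [i for i in range(start + 1, end)
                if lines[i].split("=", 1)[0].strip() == KEY]
    if existing:
        if len(existing) == 1 and lines[existing[0]].strip() == wanted:
            return hda_text, "unchanged"
        # Keep one entry only, so a stale map name cannot linger in the file.
        lines[existing[0]] = wanted
        for i in reversed(existing[1:]):
            del lines[i]
        action = "updated"
    else:
        lines.insert(end, wanted)  # "before the end", as step 4 says
        action = "added"
    return "\n".join(lines) + "\n", action


if __name__ == "__main__":
    new_text, what = set_credentials_map(SAMPLE_HDA, "testMap")
    print(what)
    print(new_text)
```

Run it against a copy of the file and compare the result with the original before replacing it; the restart in step 5 is still required.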
The following roles are predefined on Content Server:
The admin role is assigned to the system administrator. By default, this role has Admin permission to all security groups and all accounts, and has rights to all administration tools.
The contributor role has Read and Write permission to the Public security group, which enables users to search for, view, check in, and check out content.
The guest role has Read permission to the Public security group, which enables users to search for and view content.
The sysmanager role has privileges to access the Admin Server on the content server.