How to map the user/group from WLS to Content Server internal role

W.ZH Dec 2013

For being able to map external user/groups to UCM roles you will need to use Credential Maps. In this way, a user login from the WLS to access the UCM content, could be able to be mapped to a role inside the UCM, by his group or by his user name defined inside the WLS or external LDAP.

Example:

User “editor1” is in the group of “Editor” (You can use administrator group too) in the embedded LDAP of the WLS. There is a piece of the content in the UCM server, located in the “Public” security group, created by the “weblogic” user. By default, this “Public” security group content can be read by any user. But for the editing permission of this content, you must at least have the “contributor” role in the UCM. User “editor1” will be the external user to UCM, do not have any role info by default in the UCM. when you login by editor1, it by default has the “guest” role to read a content in UCM. If we want the eidtor1 to have more permission to content,  what we need to do is to map the “Editor” group to the “contributor” role in the UCM.

Steps:

1. Suppose you have created user “editor1” is in the “Editor” group in the embedded LDAP of WLS.

2. On UCM – Administration – Credential Maps, add a map (for eg : testMap), put the following mapping content :

Editor, contributor

 

( if you want only one user is mapped, you should use:
&editor1, contributor )

3. Save/ update this map changes

4. In the UCM server, Navigate to <domain_home>/ucm/cs/data/providers/jpsuserprovider and open provider.hda in edit mode.

Add “ProviderCredentialsMap=testMap” before the end.

5. Save the file and restart UCM server. Make sure that WLS admin is running as well since that is needed for UCM JPS provider to be up.

6. After UCM is restarted, login with user editor1.

7. After user editor1 login, you can try checkin check out content features.

8. If you running the webcenter application, contributor role in fact give you the edit ablity to the content related taskflow, such as you can  use ctrl+shift+c  to trigger the ADF page to contribute mode to edit it on web page.

9. By similar method, external LDAP user’s group can be mapped to UCM role too.

Reference:
The following roles are predefined on Content Server:

Roles Description
admin The admin role is assigned to the system administrator. By default, this role has Admin permission to all security groups and all accounts, and has rights to all administration tools.
contributor The contributor role has Read and Write permission to the Public security group, which enables users to search for, view, check in, and check out content.
guest The guest role has Read permission to the Public security group, which enables users to search for and view content.
sysmanager The sysmanager role has privileges to access the Admin Server on the content server.

 

Advertisements

How to make the content ID keep same among different Content Server

W.ZH Dec 2013

When you install your UCM, by default you will have the a choice of “Automatically assign a content ID on check-in” enabled, this will cause you have no chance to define yourself content ID when you check in/ create a new content. UCM will create content ID automatically for you. But when you have multiple CS and you need content migration between servers, so you need to keep content ID same at all the servers.

  1. You need to disable this feature in all UCM.
  2. Login to your UCM with weblogic account
  3. Go to “general configuration” page , under Administration
  4. Uncheck the “Automatically assign a content ID on check-in”
  5. Click “save” button.
  6. You must restart the UCM server.
  7. After started. When you check in a new content, you will be asked to input the content ID. Just give meaningful name you want.

Question:

If you enable the “Automatically assign a content ID on check-in” and content has ID already when is was created. Can we change the ID when content is migrated from server A to another B?

A:

You cannot change your content ID for old content or in migration.
If you do the migration, there is some way you can map ID and add prefix to it when move to another UCM. But still, OLD ID cannot be changed or delete.