| Oracle® Fusion Middleware User's Guide for Oracle WebCenter Spaces 11g Release 1 (11.1.1.5.0) Part Number E10149-07 | 
 | 
| 
 | View PDF | 
You are authorized to specify who can access any page on which you also have edit permission. Among those you authorize to access the page, you can assign varying levels of access, so that some users can edit the page while others can merely view it. If you prefer, you can specify that the page inherits its access settings from the application.
You may want to open a page to many users, but limit the exposure of a particular page component to a specific user, a user group, or to users who are assigned a specific application role. You can accomplish this by associating a security-related EL expression with the component instance.
This chapter provides information about securing pages and page components. It includes the following sections:
Audience
This chapter is intended for Space Moderators and Participants and for page editors with the create, edit, and delete permission on pages and on the services that provide the components to be secured. For more information about application roles and permissions, see Section 21.2, "Managing Application Roles and Permissions."
Page properties include a Security tab with controls for specifying who can do what to the current page (Figure 23-1).
Figure 23-1 Security Tab in Page Properties Dialog

In WebCenter Spaces, the options that appear on the Security tab vary according to whether you are accessing it from a Space page or a Home Space page.
Space security provides the additional options of inheriting page access permission settings from the application, enabling page access to public users (that is, users who are not logged in), and enabling page access for all authenticated users (that is, users who are logged in).
This section describes how to set page access through page properties. It is also possible to set page access through the Personalize Pages page. Setting page access through the Personalize Pages page is discussed in Section 38.2, "Controlling User Access to Your Personal Pages."
Note:
Page access permissions set through the Page Properties dialog in Oracle Composer are committed after you click OK on the Security tab. Closing Oracle Composer without saving does not discard such changes.Page access permissions set through the Personalize Pages page take effect after you click OK in the Set Page Access dialog.
To access the Security tab in the Page Properties dialog:
Go to the page you want to secure, and open it in Oracle Composer.
See Also:
To open a page in edit mode, press Ctrl-Shift-E.Click the Page Properties button (Figure 23-2).
Figure 23-2 Page Properties Button in Page Edit Mode

In the resulting Page Properties dialog, click the Security tab to bring it forward (Figure 23-3).
Figure 23-3 Security Tab in Page Properties Dialog

Space pages only:
To specify that the page should inherit access settings from those permissions established at the application level, select Use Application Permissions (Figure 23-4).
Figure 23-4 Security Tab for a Space Page

If you select Use Application Permissions, click OK to save your changes and exit the dialog.
To set custom access on the current page, select Use Custom Access Settings.
If you select Use Custom Access Settings, continue with the next steps.
To grant page access permissions to all authenticated users, that is, to users who are logged in to WebCenter Spaces, click Add Authenticated Access.
The role authenticated-role is added under Role or User.
To grant page access permissions to all public users, that is, users who have not logged in to WebCenter Spaces, click Add Public Access.
The role anonymous-role is added under Role or User.
To grant page access permissions to selected users, groups, and application roles, click the Add Access button to open the Add Access dialog (Figure 23-5).
In the Search field, enter a search term or the name of the user, group, or role for whom you want to enable access, and click the Search icon.
Tip:
Search terms must contain at least two characters.Select a user, group, or role by clicking in its row.
Note:
When you select a user name, the permissions you set are granted to that specific user. When you select a group or application role, the permissions you set are granted to all users who are members of that group or who are assigned that role.To make multiple selections:
Ctrl-Click to select multiple rows.
Shift-Click to select a range of rows.
Click Select.
The Add Access dialog closes, and the Set Page Access dialog populates with the selected users (Figure 23-6).
Figure 23-6 Populated Security Tab in Page Properties Dialog

For each user, group, or role, grant access by selecting one or more access privileges from the Page Access columns (Table 23-1).
Table 23-1 Page Access Privileges in the Set Page Access Dialog
| Icon | Name | Description | 
|---|---|---|
| 
 | Users can access the page for viewing, but cannot perform any other actions on the page. | |
| 
 | Users can edit the page using Oracle Composer. This includes adding, rearranging, and deleting content; renaming the page; and changing page properties, such as the page scheme. | |
| 
 | Users can delete the page. | |
| 
 | Users can perform all actions on the page. | |
| 
 | Users can rearrange page content and personalize his or her view of task flows, provided the task flow includes personalization settings. | 
Tip:
By default, all authenticated users and user roles that you add to the Set Page Access dialog are granted page view access. The other access privileges require page view access.Click OK to save your changes and close the Set Page Access dialog.
There may be pages you want to expose to many users that have components you want only a select set of users, or even only one other user, to see. For example, imagine that you have created a Space for all sales people. The Space's home page includes two Announcements task flow instances: one for all sales people and one for sales managers only. You can secure the second Announcements instance so that only those users assigned the custom role sales_manager can see it.
Any component that has an associated Show Component property can be secured in this way. Those components that do not have an associated Show Component property can be placed inside a component that does, and in this way be secured. For example, you can place an Announcements task flow, which does not have an associated Show Component property, inside a Box layout component, which does. You can set the property on the Box, and that setting will also affect the display of Announcements.
See Also:
You can also set security on the custom components that you import through the Resource Manager. For more information, see Section 10.4.4, "Setting Security for a Resource."To set access on a component instance:
Go to the component instance you want to secure and access its Display Options properties.
See Also:
For information about accessing component properties, see Section 17.5.2, "Setting Properties on Page Components."Open the Expression Builder by clicking the Edit icon to the right of the Show Component property and selecting Expression Builder (Figure 23-7).
Figure 23-7 Expression Builder Option Next to Show Component

Under Type a Value or Expression, enter one of the following EL expressions:
To expose a component only to members of a particular scope who are assigned a particular role in that scope, enter:
#{WCSecurityContext.userInScopedRole['role']}
In lieu of role, enter the role name, for example Moderator.
The scope is implicitly resolved to be the current scope. If you use this EL in the Home Space, it resolves to Home Space GUID and roles defined at the application level. If you use this EL in a Space scope, it resolves to roles defined for the Space.
To expose a component only to members of a group, enter:
#{WCSecurityContext.userInGroup['group_name']}
In lieu of group_name, enter the name of the group, for example Administrators.
To expose a component only to a specific user, enter:
#{WCSecurityContext.currentUser['user_name']}
In lieu of user_name, enter the user name, for example jdoe.
See Also:
For more information about EL expressions, see Appendix B, "Expression Language Expressions." For information about EL expressions relevant to security, see Section B.3.3, "EL Expressions Relevant to Application Security."Click OK to exit the Expression Builder, and click OK to save your changes and exit the Component Properties dialog.
Click Save and then Close to exit Oracle Composer.
The secured component appears only to those users with the name, role, or group you specified.