Configuring the sub-administrators for virtual portals
You can administer the sub-administrators of a virtual portal as required by using the Portal Access Control of your initial portal installation.
When you create a virtual portal by using the Virtual Portal Manager portlet, you select a user group of sub-administrators that you want to be responsible for the administration of the new virtual portal. During creation of the new virtual portal the Virtual Portal Manager portlet creates a set of necessary access rights on the virtual portal for the sub-administrator group that you specified. This includes EDITOR role access rights on the administration portlets that are part of a virtual portal. As a result, the sub-administrators of a virtual portal can perform administrative tasks on the virtual portal with these administration portlets.
If you want to change
the default access rights for the sub-administrators, you can do this
by one of the following actions:
If you want to change the default Editor access permission for the sub-administrators on the administrative portlets or the list of portlets globally and before you create virtual portals, configure the Virtual Portal Manager portlet accordingly. For details about how to do this see Pre-configuring the sub-administrators for virtual portals.
- If you want to assign additional access permissions to the sub-administrators specifically and after creating a virtual
portal, use the master administrator user ID of your initial
portal installation and modify those access permissions for them manually
in Portal Access Control. To do this, you can use the User and
Group Permissions portlet, the Resource Permissions portlet, the XML
configuration interface, or the Portal Scripting Interface. The consequences
differ, depending on where you make the updates:
- If you do this in the initial portal installation, you can change the access permissions for the sub-administrators on the virtual portal as a whole.
- If you do this in the virtual portal itself, you can change the access permissions for the sub-administrators on the individual resources of the virtual portal.
Assigning additional rights to the sub-administrators
Depending
on the usage of your virtual portals, you might have to give the sub-administrators
additional rights on specific resources.
Note: Do not grant the sub-administrators
of virtual portals the access rights to perform any installation related
tasks, such as installation of portlets or themes. An unstable or
malicious portlet that is installed in one virtual portal can destabilize
the entire portal installation, as all virtual portals share the same
Java Virtual Machine. Typically, only the master administrator of
the portal installation should perform installation related tasks.
To
delegate Portal Access Control administration within the virtual portal
to sub-administrators of the portal, the main portal administrator
must assign those sub-administrators additional permissions in the
main portal to the virtual resources USERS and USER GROUPS by the
following procedure: - Log into the main portal as a main portal administrator.
- Navigate to .
- Click USERS.
- Click the Edit Role button for the Delegator Role.
- Add your virtual portal administrative users or user groups to the role and click OK.
- Go back to the Virtual Resources list and click USER GROUPS.
- Click the Edit Role button for the Delegator Role.
- Add your virtual portal administrative users or user groups to the role and click OK.
- Save your changes.
The following list shows the tasks
for which you can assign additional access rights to sub-administrators
of virtual portals. It also specifies whether the right is scoped
to the virtual portal or if it is global to the entire portal installation,
including all virtual portals. You can assign the rights for these
tasks to sub-administrators only by using use the master administrator
user ID of your initial portal installation.
- Granting access permissions to users and groups of virtual portals
- This requires one of the following access rights:
- Delegator on the group that defines the users of the virtual portal. This is the preferred option, as the access right is limited to the virtual portal.
- Delegator@Groups or Delegator@Users. Both of these access rights apply globally to the entire portal installation, including all virtual portals.
- Cloning portlet applications, for example, the Web clipping portlet
- This requires Editor@Portlet Application. This access right applies globally to the entire portal installation, including all virtual portals.
- Access permissions for policies.
- To manage policies, sub-administrators need different rights, depending on the task that you want the sub-administrative user to be able to perform. For example, to delete policies, a sub-administrator needs Manager@Policy and User@Business Rules. This is the highest right. These access rights apply globally to the entire portal installation, including all virtual portals.
- Using the XML configuration interface
- This requires Security Administrator@Portal and Editor@XML access. These access rights apply globally to the entire portal installation, including all virtual portals.
- Managing portal search collections
- This requires Editor@Virtual Resource PSE_SOURCES. This access right applies globally to the entire portal installation, including all virtual portals.
- Managing URL mappings
- This requires Editor@parent context for parent mappings and Manager@context for URL mappings. These access rights apply globally to the entire portal installation, including all virtual portals.
- Managing tags and ratings
- This requires Manager@Tags and Manager@Ratings. These access rights apply globally to the entire portal installation, including all virtual portals.
- Managing personalization rules
- This requires the following access rights:
- Privileged User on the following portlet applications:
- Personalization Editors
- Personalization Navigator
- Personalization Picker
- Manager@the Personalization Rule
- Privileged User on the following portlet applications:
- Granting virtual portal administrators access to web content libraries
- Virtual portal administrators do not automatically have access
to work with web content libraries when using the administration portlet.
To enable a virtual portal administrator to work with web content
libraries you must assign them access to either the JCR content root
node or individual web content libraries:
- You can assign virtual portal administrators access to the JCR
content root node using the Set access on root button
in the Web Content Library view of the Administration portlet. For
further information see Setting root access for all web content
libraries in the Portal Content help.
- Assign virtual portal administrators administrator access to the JCR content root node to enable them to create new libraries and view, edit and delete all existing libraries.
- Assign virtual portal administrators contributor access to the JCR content root node to enable them to create new libraries and view, edit and delete libraries they have created.
- You can also assign virtual portal administrators access to libraries they have not created by editing the access settings of individual libraries.
- Template Page Content
- Web Content Templates
- You can assign virtual portal administrators access to the JCR
content root node using the Set access on root button
in the Web Content Library view of the Administration portlet. For
further information see Setting root access for all web content
libraries in the Portal Content help.
The configuration task create-virtual-portal does not assign roles to the sub-administrators of the virtual portal. In this case you assign the required roles manually by using the portal access administration portlets or by using the portal XML configuration interface. For more information about the XML configuration interface and how to use it see The XML configuration interface.