. 34
( 87 .)


Next you need to create an update schedule, that is basically telling the
robot how frequently to collect documents:

Under Collection Update Schedule (as seen in Figure 10-5), click
Under De¬ne Schedule choose the date, time, and frequency by
clicking on the drop-down boxes and then click Create.

The schedule update will then appear in the right-hand side box. You can
create multiple schedulers. In the schedule box you can see that we created
a schedule to run the robot every hour starting at 1:00 p.m. on January 1,
After creating your scheduler, you might want to create some ¬lters to
include or exclude certain documents, Web sites, or ¬les. In the example
shown in Figure 10-6, we created a ¬lter rule to exclude Word documents.
To do this, perform the following steps:

1. Enter the rule name. Choose Word.
2. Choose your rule. Click Exclude.
3. Choose your ¬le types. Choose Word ¬les.
4. Click Create and click OK.

You may also want to add a destination category. If you do this all docu-
ments will be chosen based on your criteria and ¬lters for this site will be
associated with this category. To add a destination category do the follow-

1. Under Destination Categories (as seen in Figure 10-5), click Add.
2. Expand the Category Tree, and click the sub-category.
3. Click Add to the List and click OK.

After you ¬nish creating your site, click Save.
Now to verify whether it is working, under Manage Document Collec-
tions, click Start Collection, wait a few seconds, and click Browse Docu-
ments. You should see results similar to Figure 10-7.
WY009-10 WY009-BenNatan-v1.cls May 14, 2004 0:16

Figure 10-6 Creating a ¬lter.

Figure 10-7 Browsing the Document Collection.

WY009-10 WY009-BenNatan-v1.cls May 14, 2004 0:16

190 Chapter 10

Portal Access Control
Once you have de¬ned your default portal settings, the next step is to
add some groups and users. Account information can be registered and
managed by users themselves or an administrator. Under Administration,
click User and Group Permissions. You ¬rst add the groups you want.
Normally, you will have at least three groups: a group for administrators,
managers, and users.

User and Groups
In WP V5, Manage User Groups and Manage Users have been combined
into one portlet.
You have already de¬ned the group for administrators, wpsadmin. This
group was de¬ned when you installed the program. Now de¬ne a group
for general users called general as follows:

1. Click Users and Group.
2. Click the New Group button.
3. In the Name text ¬eld, enter a group name. We will call our group
general. The group name can have blanks but like all IDs and
password may contain only the characters a“z, A“Z, period (.), and
underscore ( ). The group name, like all IDs and passwords, can
contain between 5 and 256 characters; however, the chance of your
forgetting a 256-character password is quite high. If you are storing
your names and passwords in an LDAP, the size will be greatly
reduced because the schema ¬elds are included.
4. Click the OK button.

Now click General and add a new user called Richard. Every ¬eld pre¬xed
with an asterisk is mandatory.

1. Click the New User button.
2. Using the same rules mentioned above for group name, enter user
3. Enter password.
4. Con¬rm password.
5. Enter ¬rst name.
6. Enter last name.
7. Enter the user™s email (optional).
WY009-10 WY009-BenNatan-v1.cls May 14, 2004 0:16

Portal Administration 191

Figure 10-8 Creating and modifying users.

8. Enter his or her preferred language. This is the language that will
appear on the portal pages after the user signs in.
9. Select OK.
In Figure 10-8, you will now see the user Richard with ¬ve icons associated
with it. These will enable you to view the groups of which the user is a
member, duplicate group or role assignments, edit a user, or remove a user.
It is easy to understand the function of the icons for viewing and editing.
The icons for duplicate group or role assignments allow you to choose
another user or group and inherit its permissions. These are new for this
version. Please note to remove the user from the group and do not delete it
from the portal. To delete a user from the portal, ¬nd the user under all the
authenticated user group, and click Delete.

In WebSphere Portal, you can select, view, and modify only those resources
for which you have access rights. Access rights are administered using the
Resource Permission and the User and Group permission portlet found
WY009-10 WY009-BenNatan-v1.cls May 14, 2004 0:16

192 Chapter 10

on the Administration page. They are usually de¬ned by groups but can
be de¬ned by users. The access rights are stored in the default database;
however, a third-party external security manager can be used. This will be
discussed in greater detail in Chapter 20.

Resource, User, and Group Permissions
To assign permissions to a resource, click Resource Permissions on the Ad-
ministration page. To assign permissions to a user or group, click User and
Group Permissions on the Administration page.
If you clicked User and Group Permissions, you will see a page with
Users and Groups (depending on the permissions set for your user id). If
you click on users, you will see a user called anonymous portal user. When
you click Edit, you can de¬ne what resources an unsigned user can access.
If you click User Groups, you get a list of groups including the default
administration group. You will also see two virtual resources called all por-
tal user groups that de¬ne all nonvirtual user groups and all authenticated
portals, which are all known user groups. When you click Edit, you can
de¬ne what resources a group can access.
If you clicked Resource Permissions, you will see the resource types listed
in Table 10-1 on the page.
Click on the resource that you want to assign permissions. When you get
to the resource, click Assign Access. You will see a page with a list of roles.

In WebSphere 5.0, access control changed with the introduction of roles.
A role is a de¬ned set of permissions associated with a resource (such
as a page or a portlet). They enable access to speci¬c operations within
the WP such as viewing a page or modifying a layout. Roles use the con-
vention Role@Resources since roles are tied to a speci¬c resource. For ex-
ample Manager + My Portal Page is de¬ned as Manager@My Portal, see
Figure 10-9.
There are seven different Websphere role types as shown in Table 10-2.
They are hierarchical in the sense that each role from the top down has less
permissions. For instance the top role is the administrator, which changes,
reads, updates, and deletes any resource. The bottom role (excluding no
role) is the user that can only view the resource it is associated with.
Roles can be explicit or implicit. You can explicitly associate a resource,
such as a user, with a role. Alternatively, you can associate a group with a
role and any members of the group will implicitly inherit the role. Practi-
cally, you would only associate roles with groups since the administrative
overhead of associating a role with each resource will be huge.
Descriptions of these roles are shown in Table 10-2.
WY009-10 WY009-BenNatan-v1.cls May 14, 2004 0:16

Table 10-1 Resource Permissions
Pages Set permissions for pages within the portal. If you
set the permissions for a parent page, the child
pages will inherit them unless you speci¬cally
block a page

Web Modules Set permissions for Web modules within the

Portlet Applications Set permissions for portlet applications within
the portal

Portlets Set permissions for portlets within the portal

User Groups Set permissions for user groups within the portal

URL Mapping Contexts Set permissions for URL mapping contexts within
the portal

Virtual resources Virtual resources are resources that have access
control de¬nitions but are not actually
represented in the portal. Here you can set
permissions for the various virtual resources such
as markups, portal settings, event handlers, and
so on

WPCP Projects, WPCP Editions, Set permissions for WPCP resources within the
WPCP resource Collections, WPCP portal
Directories, WPCP Resources

Table 10-2 Role De¬nitions
Administrator Super-user. Can do everything including creating,
con¬guring, and deleting resources. Administrator can
also change the access control con¬guration

Security Administrator Can create and delete role assignments for roles tied to
speci¬c resources

Delegator Can assign users or user groups to roles

Manager Creates, con¬gures, and deletes new or existing
resources for use by one or more users

Editor Creates, and con¬gures new or existing resources for
use by one or more users

Privileged User Can create new private pages, view portal content, and
personalize portlets/pages

User Can view portal content

No Access Can do nothing

WY009-10 WY009-BenNatan-v1.cls May 14, 2004 0:16

194 Chapter 10

Figure 10-9 Assigning permissions and roles.

For a resource, you can determine which roles will allow propagation or
inheritance with the exception of the administration and security adminis-
tration roles, which always support both.
Inheritance and propagation are functions supported to reduce the over-
head of administrating a large number of resources. Inheritance enables the
role to inherit any permission from its parent while propagation allows the


. 34
( 87 .)