UME Roles and Portal Roles

In the portal, you can manage both user management engine (UME) roles and portal roles. Both types of roles determine what users can do, but each with a different focus. The following table lists the main differences between these two types of roles.

Comparison of UME and Portal Roles

UME Roles

Portal Roles

Are a container for UME actions (actions are sets of Java permissions).

Are a container for portal content (iViews, worksets, folders, and so on).

Define a set of authorizations. By assigning a UME role, you define what authorizations a user has to run applications on the J2EE engine. The authorizations are defined by the UME actions in the role.

Defines how content is grouped together and how it is displayed in the portal. By assigning a portal role, you define which content a user sees in the portal.

Like UME roles, you can assign UME actions to portal roles.

Are stored in the user management tables of the J2EE database.

Are stored in the Portal Content Directory (PCD) tables of the J2EE database.

Are created with identity management.

Are created in the Role Editor of the Portal Content Studio.

Protect access to applications on the J2EE engine.

Constitute a small part of the authorization concept of the portal. When you assign a portal role to a user or group, they get end user permission on the role.

You can define role assigner permission on a portal role. Users or groups that are granted role assigner permission on a portal role can assign the portal role to users or groups.

Tools

The tools need to manage UME and portal roles are identity management and the Portal Content Studio. The following table lists the main differences in use of these tools.

Comparison of Identity Management and Portal Content Studio

Activity

Identity Management

Portal Content Studio

Create and edit roles

UME roles

Portal roles

Assign UME actions

UME roles and portal roles

Portal roles

Assign roles to users and groups

UME roles and portal roles

None. Can assign portal permissions for PCD objects to users and groups.

To perform these activities you need the required permissions.

More Information:

Managing Users, Groups, and Roles

Role Assignment

Example

Carmen Fernandez is assigned to the UME role Administrator and no other role. She has full administrator authorizations on the J2EE Engine, but does not see any content in the portal. In contrast, Oleg Semenov is assigned to the portal Super Administrator role. He can see all the administrator functions when he logs on to the portal, and he has the corresponding authorizations on the J2EE Engine.

topics