Configuring Access Control List Security

To set up access control lists (ACLs), configure the following items on the Content Server system:

• To support user and group access control lists, the following configuration variables must be set in the Content Server config.cfg file:

  • UseEntitySecurity: Set this variable to true.

  • SpecialAuthGroups: Set this variable to the name of the Oracle WebCenter Content Server security group that will use the ACL security. Out-of-the-box Content Server has only two security groups: Public and Secure. Usually a site will create a third security group for which ACL security is to be applied.

  Enter the variables in the Additional Configuration Variables field of the General Configuration screen, which you can access from the Admin Server screen for your Content Server instance. For details, see Admin Server: General Configuration Page.

  The configuration variable UseEntitySecurity=true sets Content Server security to always evaluate the user and group access control lists for content items. This parameter creates two metadata fields: xClbraUserList and xClbraAliasList.

• To support the enterprise role access control list, the RoleEntityACL component must be enabled in the Content Server system.

  This component is installed (disabled) by default with the Content Server system. Use the Content Server advanced component manager to enable the component. For details, see Advanced Component Manager Page.

  The RoleEntityACL component configures the Content Server system to work with other applications to evaluate the enterprise role access control list. This component turns on the UseRoleSecurity parameter, which sets Content Server security to integrate enterprise role access list information for content items. The UseRoleSecurity parameter creates the xClbraRoleList metadata field.

• If you want non-administrator users to be able to use the Add User menu to select users for the User Access List when checking in content items, set the configuration variable AllowQuerySafeUserColumns=true. If this variable is not set, no values are displayed in the menu for the User Access List field.