UME Roles and Portal Roles
When you use the role assignment tool of the portal or the standalone UME Web tool, the roles you see in the list are a mixture of UME roles and portal roles. UME roles define authorizations for J2EE applications. Portal roles define the content that users see in the portal.
The following table lists the main differences between these two types of roles.
| UME Roles | Portal Roles |
| --- | --- |
| Are a container for UME actions (actions are sets of Java permissions). | Are a container for portal content (iViews, worksets, folders, and so on). |
| Define a set of authorizations. By assigning a UME role to a user or group, you grant the authorizations defined by the actions in the role to the user or group. | Can have UME actions assigned to them. In this case by assigning a portal role to a user or group, you grant the authorizations defined by the actions in the role to the user or group. |
| Define authorizations for applications running on the J2EE Engine. | Constitute a small part of the authorization concept of the portal. When you assign a portal role to a user or group, they get end user permission on the role. |
| | Define how content is grouped together and how it is displayed in the portal. By assigning a portal role to a user or group, you define which content that user or group sees in the portal. |
| Are stored in the user management tables of the J2EE database. | Are stored in the Portal Content Directory tables of the J2EE database. |
| Are created in the standalone UME Web tool. | Are created in the Role Editor of the Portal Content Studio. |
| | You can define role assigner permission on a portal role. Users or groups that are granted role assigner permission on a portal role can assign the portal role to users or groups. |
For more information on UME roles, see Permissions, Actions, and UME Roles.
For more information on portal roles, see Roles and Worksets.
In a portal context, you should use portal roles since they both define the content that the user sees in the portal and provide the user’s authorizations (if UME actions are assigned to the role). UME roles only provide authorizations. For example, if a user is assigned to the UME role Administrator and no other role, he or she has full administrator authorizations on the J2EE Engine, but does not see any content in the portal. In contrast, if a user is assigned to the portal Super Administrator role, he or she can see all the administrator functions when he or she logs on to the portal and has the corresponding authorizations on the J2EE Engine.
You can assign both portal and UME roles to users and groups.
By assigning a UME role to a user or group, you provide them with a specific set of authorizations. These authorizations are defined by the actions assigned to a UME role.
By assigning a portal role to a user or group, you define the content that the user or group sees when they are logged on to the portal. When you assign a portal role to a user or group, they automatically acquire end user permission for the role. Some portal roles include UME actions and so the user or group acquires the authorizations granted by the UME action.
Example
The portal Super Administrator role by default includes the UME actions UME.AclSuperUser and UME.Manage_All. These UME actions provide owner permissions on all objects in the portal content catalog and provide authorizations to manage users, groups, and roles, as well as perform other user administration functions.
You can assign UME actions to both portal and UME roles. You assign actions to portal roles in the Portal Content Studio (or the standalone UME Web tool). You assign actions to UME roles in the standalone UME Web tool only. By assigning UME actions to either type of role, you specify which authorizations that role includes.
The following table provides an overview of where you can perform which activities relating to portal and UME roles. It also outlines the authorizations you need to perform a certain activity.
| Activity | Tool | Required Authorizations |
| --- | --- | --- |
| Creating and changing portal roles | In the portal at Content Administration → Portal Content | Roles: Either of the portal roles Content Administrator or Super Administrator or derivations of these roles. Permissions: Read-write permission on the folder in which you want to create or maintain the role. UME actions: No UME actions required. |
| Creating and changing UME roles | In the standalone UME Web tool under Roles | Roles: Any role containing the UME actions listed below. Permissions: Portal permissions are not checked in the UME Web tool. UME actions: UME.Manage_Roles or UME.Manage_All |
| Assigning UME actions to portal roles | In the portal at Content Administration → Portal Content | Roles: Either of the portal roles Content Administrator or Super Administrator or derivations of these roles. Permissions: Read-write permission on the role. UME Actions: UME.Manage_All or UME.Manage_Roles |
| Assigning UME actions to UME roles or portal roles | In the standalone UME Web tool under Roles | Roles: Any role containing the UME actions listed below. Permissions: Portal permissions are not checked in the UME Web tool. UME Actions: UME.Manage_All or UME.Manage_Roles |
| Assigning portal roles and UME roles to users and groups | In the portal at User Administration → Roles. See also: Role Assignment | Roles: Either of the portal roles User Administrator or Super Administrator (these two roles automatically have role assigner permissions on all roles) or the portal role Delegated User Admin. Permissions: For portal roles, you need role assigner permission on the role that you want to assign. UME actions: To assign portal roles, you require no UME actions. To assign UME roles, you require UME.Manage_Roles or UME.Manage_All. |
| | OR In the standalone UME Web tool under Roles | Roles: Any roles containing the actions listed below. Permissions: Role assigner permission is NOT checked. Actions: UME.Manage_All or UME.Manage_Roles + UME.Manage_Users. Because the role assigner permission is not checked in the standalone UME Web tool, you must never assign the UME.Manage_Roles action to delegated user administrators. Otherwise they will be able to assign themselves roles with additional authorizations, for example the Administrator role. |
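
The rule in the last table row can be checked against an export of the role assignments. The following is an added example, not SAP code: the dictionaries are a constructed stand-in for such an export, and the role names HelpdeskRoleMaint and Tier2Ops and all user and group names are hypothetical. It resolves each user's effective roles through direct and nested group assignments and flags every holder of the Delegated User Admin role who also holds a role containing UME.Manage_Roles or UME.Manage_All, the actions the table lists for role management in the standalone UME Web tool.

```python
# Added example: all data below is constructed; the dict layout is an assumed
# export format, not a UME file format or API.
RISKY_ACTIONS = {"UME.Manage_Roles", "UME.Manage_All"}
DELEGATED_ROLE = "Delegated User Admin"

ROLE_ACTIONS = {  # role (UME or portal) -> UME actions it contains
    "Super Administrator": {"UME.AclSuperUser", "UME.Manage_All"},
    "Delegated User Admin": set(),                 # sample assumption
    "HelpdeskRoleMaint": {"UME.Manage_Roles", "UME.Manage_Users"},  # hypothetical
    "Tier2Ops": {"UME.Manage_All"},                # hypothetical
}
USER_GROUPS = {"alice": ["grp_helpdesk"], "bob": [],
               "carol": ["grp_tier2"], "dave": ["grp_helpdesk"]}
GROUP_PARENTS = {"grp_tier2": ["grp_helpdesk"]}    # nested group membership
ASSIGNMENTS = {  # user or group -> roles assigned directly
    "grp_helpdesk": ["Delegated User Admin"],
    "grp_tier2": ["Tier2Ops"],
    "alice": ["HelpdeskRoleMaint"],
    "bob": ["Super Administrator"],
}

def principals_of(user):
    """Return the user plus every group reached through nested membership."""
    seen, stack = {user}, list(USER_GROUPS.get(user, ()))
    while stack:
        group = stack.pop()
        if group not in seen:
            seen.add(group)
            stack.extend(GROUP_PARENTS.get(group, ()))
    return seen

def effective_roles(user):
    """Roles assigned to the user directly or through any of their groups."""
    roles = set()
    for principal in principals_of(user):
        roles |= set(ASSIGNMENTS.get(principal, ()))
    return roles

def find_escalation_paths():
    """List (user, role, action) for delegated admins holding a risky action."""
    findings = []
    for user in sorted(USER_GROUPS):
        roles = effective_roles(user)
        if DELEGATED_ROLE not in roles:
            continue  # full administrators are expected to hold these actions
        for role in sorted(roles):
            for action in sorted(ROLE_ACTIONS.get(role, set()) & RISKY_ACTIONS):
                findings.append((user, role, action))
    return findings

if __name__ == "__main__":
    for user, role, action in find_escalation_paths():
        print(f"{user}: delegated admin also holds {action} via role {role}")
```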