The user management engine (UME) uses UME actions to enforce authorizations. An action is a collection of Java permissions that define which activities a user can perform. UME actions can be assigned to UME roles or portal roles. If a role with a UME action is assigned to a user, the user gains the authorizations provided by the action. The UME verifies that users have the appropriate UME actions assigned to them before granting them access to UME iViews and functions. Other applications can also define or check for actions.
The following table lists the UME actions assigned to portal roles by default.
Portal Role |
Assigned UME Actions |
---|---|
Delegated User Administrator |
Manage_Users Manage_Role_Assignments |
Every User Core Role |
Manage_My_Profile |
Standard User Role |
Manage_My_Profile |
Super Administrator |
AclSuperUser Manage_All |
System Admin |
System_Admin |
User Administrator |
Manage_All |
Some UME actions are defined specifically for the portal environment:
AclSuperUser
Manage_Role_Assignments
Remote_Producer_Read_Access
Remote_Producer_Write_Access
For more information, see the following:
In the portal, you can assign and remove UME actions from portal roles with the identity management application.
For more information, see Assigning Principals to Roles or Groups .
The assignment of UME actions to portal roles resides in the Portal Content Directory (PCD), which is why you cannot remove UME actions with the role delete function of identity management. When you delete a portal role with identity management, the UME only removes the user and group assignments. You must edit the action assignments manually in identity management to remove them from a portal role.