Portal Access Control (Pac) - IBM BS029ML - WebSphere Portal Server Self Help Manual


| Login point | The flow |
| --- | --- |
| Other applications through SSO. | The LTPA in the client request triggers WebSphere Application Server to create the security context with the user credentials and passes it to Portal login. The LoginUser engine command is then triggered. |
| External Security Manager through TAI | WebSphere Application Server checks LTPA first. If none exists, the TAI configured in WebSphere Application Server trusts the ESM and creates the LTPA for the user, and sends the security context to Portal Login. |
| SSL client certificates | WebSphere Application Server authenticates the user through the client certificate, and builds and passes the subject to Portal Login. |

To obtain details, refer to the white paper Understanding and configuring WebSphere Portal login and logout, found at:
http://www.ibm.com/developerworks/websphere/library/techarticles/0706_buchwald/0706_buchwald.html

4.1.6 Portal Access Control (PAC)

The access level of a user to a portal resource is measured by the actions the user can apply to the resource. In the portal environment, these actions are view/read, update/write, delegate, traverse, and delete. Different sets of actions apply to different types of resources. The portal access model defines a fixed set of role types for management, each of which is represented by a set of actions (called an actionset) that can be applied to the resources.

The Portal Access Control (PAC) authorization model is based on the concepts of protected resources and the hierarchy these resources build up. It contains a set of fine-grained configurations for portal resources, such as pages, portlets, services, and global settings. They provide a full range of control settings, from a simple solution to fairly complicated enterprise-level systems.

The artifacts defined by the PAC model are summarized in Table 4-2.

Table 4-2 PAC artifacts

| Artifact | Description |
| --- | --- |
| Protected Resources | Represent a set of portal artifacts protected by the portal, and they are divided into four domains. |
| Protected resource hierarchy | Starting from a set of virtual resources to form a tree structure, with virtual resource PORTAL at the top root. |
| Virtual resources | A set of virtual objects created during portal installation to form the roots of the protected resource hierarchy. |
| Role types | Formed by the action-sets that can be applied to resources. |
| Role | An instance of a role type with a specific resource. |
| Role block | A configuration set to block role inheritance or propagation. |
| Ownership | Unrestricted access to the resource by the owner. |
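
The following added sketch (not IBM code and not part of the manual) models the Table 4-2 artifacts to show how a role assigned high in the protected resource hierarchy reaches descendant resources until a role block stops it, and how ownership bypasses role evaluation. The role type names, their action sets, every resource name other than PORTAL, the user names, and the simplified block semantics are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed role types: each is a named action set (not the product's definitions).
ROLE_TYPES = {
    "Viewer": {"view", "traverse"},
    "Editor": {"view", "traverse", "update"},
    "Admin": {"view", "traverse", "update", "delete", "delegate"},
}
ALL_ACTIONS = set().union(*ROLE_TYPES.values())

@dataclass
class Resource:
    name: str
    parent: Optional["Resource"] = None
    owner: Optional[str] = None
    roles: dict = field(default_factory=dict)   # role type -> users; a role is type@resource
    blocks: set = field(default_factory=set)    # role types not inherited from ancestors

def effective_actions(user: str, resource: Resource) -> set:
    """Actions a user holds on a resource via ownership, direct and inherited roles."""
    if resource.owner == user:
        return set(ALL_ACTIONS)                 # ownership: unrestricted access
    actions, blocked, node = set(), set(), resource
    while node is not None:                     # walk up towards the PORTAL root
        for role_type, users in node.roles.items():
            if user in users and role_type not in blocked:
                actions |= ROLE_TYPES[role_type]
        blocked |= node.blocks                  # hides this type on all ancestors
        node = node.parent
    return actions

def build_sample():
    """Constructed hierarchy: PORTAL -> pages -> {hr, payroll}."""
    portal = Resource("PORTAL", roles={"Editor": {"alice"}, "Viewer": {"carol"}})
    pages = Resource("pages", parent=portal)
    hr = Resource("hr", parent=pages)
    payroll = Resource("payroll", parent=pages, owner="bob", blocks={"Editor"})
    return {r.name: r for r in (portal, pages, hr, payroll)}

if __name__ == "__main__":
    tree = build_sample()
    for user in ("alice", "bob", "carol"):
        for name in ("hr", "payroll"):
            print(user, name, sorted(effective_actions(user, tree[name])))
```

Running the same walk for every user and resource pair gives an effective-permission listing, which is a practical way to review where inherited roles grant more access than intended and where a role block is needed.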
Chapter 4. WebSphere Portal security

This manual is also suitable for:

Websphere portal v6