An LDAP Group Credential Mapped to @#all Doesn't Give the User RWDA Permissions (Doc ID 2023115.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

Oracle WebCenter Content - Version 11.1.1.8.0 and later
Information in this document applies to any platform.

Symptoms

In WebCenter Content (WCC) 11.1.1.8, the jpsuserprovider is configured to use a credential map.

The map is configured to map an LDAP group to the WCC admin role and another group to the @#all account.

Example:

UCM Admin,admin
UCM Sysmanager,sysmanager
|#all| -UCM|,%%
@|AllAccounts|,@#all
@|#all -All|,@%%

 
A user is a member of both the group that maps to admin and the group that maps to the @#all account (in the example, UCM Admin and @AllAccounts).

The @#all account should allow a user with that account to have full RWDA permissions to any content assigned to an account.

An item has an account assigned to it.

When that user attempts to change that item's metadata, the change fails because the user does not have permission to make it.

The following is an example error as seen in the WCC managed server log:

 

Cause
