An LDAP Group Credential Mapped to @#all Doesn't Give the User RWDA Permissions
(Doc ID 2023115.1)
Last updated on SEPTEMBER 13, 2019
Applies to:
Oracle WebCenter Content - Version 11.1.1.8.0 and laterInformation in this document applies to any platform.
Symptoms
In Webcenter Content 11.1.1.8 (WCC),
The jpsuserprovider is configured to use a credential map.
The map is configured to map an LDAP group to the WCC admin role and another group to the @#all account.
Example:
UCM Sysmanager,sysmanager
|#all| -UCM|,%%
@|AllAccounts|,@#all
@|#all -All|,@%%
A user is a member of the group that maps to admin and the group that maps to @#all account.
In the example, UCM Admin and @AllAccounts
The @#all account should allow a user with that account to have full RWDA permissions to any content assigned to an account.
An item has an account assigned to it.
When that user attempts to make a change in that item's metadata, it will fail due to not having permission to do so.
The following is an example error as seen in the WCC managed server log:
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |