Wednesday, August 01, 2012

Setting Default Accounts to All Users

When enabling accounts in WebCenter Content for documents that require public access, or that need to be viewed by all users, you need to set some default read accounts in order for this to work.

This post assumes that you have a public site with a security group "Intranet" and a top-level account MySite, and that the guest role has read access to the Intranet security group. We also assume that you are using the WebLogic security realm to configure LDAP, and that your accounts and security groups are managed as LDAP groups.

The documentation explains the use of default accounts for the anonymous user, which is the user applied when nobody has logged into the content server. This is done by setting a configuration parameter in config.cfg or via Admin Server --> General Configuration --> Additional Configuration Variables:

DefaultAccounts=#none(R),MySite(R)

This setting defines the access the guest user will have on the content by default. Remember that access to the content is a combination of the account and the security group, so the guest role also needs read access in the security group for this to work.

The value #none(R) grants read access to documents without an account. The value MySite(R) grants read access to all documents in the MySite account, which includes all of its sub-accounts; if I only want the user to have access to one section of the documents I can use MySite/MySection1(R) instead.

If you want the anonymous user to have read access to all the accounts in the system you can set the value #all(R).

The above feature is well documented. However, what happens when users log in? For example, if it is an intranet site and I want all LOGGED-IN users to have read access to the site: as the above setting only applies to the anonymous user, once logged in the users won't be able to see the site unless they are specifically added to the MySite(R) account. Technically they will have more access before they log in than after.

To provide a default account to logged-in users without having to add them all to the LDAP group mapped to the account, you can set the preferences in the JpsUserProvider. This is the default provider UCM uses to communicate with the underlying WebLogic server and its security realm (LDAP).

To access the provider, go to Administration -> Providers -> JpsUserProvider -> Info.

Once on this page, you can edit the provider and use the "Default Network Accounts" variable to assign the accounts for all users that authenticate via WebLogic security (this can be any LDAP server or the internal WLS one):

Default Network Accounts: #none(R),MySite(R)
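To make the effect of these two settings concrete, here is a small added model (not code from the post or from WebCenter Content) of how a DefaultAccounts / Default Network Accounts string is evaluated. It assumes the post's setup (guest has R on the Intranet security group, top account MySite) and the usual UCM rule that effective access is the intersection of the security-group permission and the account permission, with a grant on a parent account covering its sub-accounts.

```python
# Added example: evaluate a UCM-style account string such as "#none(R),MySite(R)".
# Assumptions (not from the post): effective access = SG permission AND account
# permission; a grant on "MySite" also covers "MySite/MySection1" and deeper.

def parse_default_accounts(value):
    """Parse '#none(R),MySite(R)' into {'#none': {'R'}, 'MySite': {'R'}}."""
    grants = {}
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue
        name, _, perms = entry.partition("(")
        grants[name.strip()] = set(perms.rstrip(")"))  # 'RW' -> {'R', 'W'}
    return grants

def account_permissions(grants, doc_account):
    """Permissions the grants yield on a document's account ('' or None = no account)."""
    if not doc_account:
        return set(grants.get("#none", set()))      # #none covers un-accounted documents
    perms = set(grants.get("#all", set()))          # #all covers every account
    for granted, p in grants.items():
        if granted.startswith("#"):
            continue
        # a grant on a parent account applies to the account itself and all sub-accounts
        if doc_account == granted or doc_account.startswith(granted + "/"):
            perms |= p
    return perms

def can_read(sg_perms, grants, doc_sg, doc_account):
    """True when the user has R on the document's security group AND on its account."""
    return "R" in sg_perms.get(doc_sg, set()) and "R" in account_permissions(grants, doc_account)

# Constructed sample data mirroring the post: guest role reads the Intranet SG.
GUEST_SG = {"Intranet": {"R"}}
DEFAULT_ACCOUNTS = parse_default_accounts("#none(R),MySite(R)")

def guest_can_read(doc_account):
    """Anonymous user with DefaultAccounts applied."""
    return can_read(GUEST_SG, DEFAULT_ACCOUNTS, "Intranet", doc_account)

def logged_in_can_read(doc_account, default_network_accounts=""):
    """Logged-in user whose LDAP groups map only to the SG, plus the provider's default accounts."""
    return can_read(GUEST_SG, parse_default_accounts(default_network_accounts), "Intranet", doc_account)
```

Without a Default Network Accounts value the logged-in call returns False for a MySite document while the guest call returns True, which is exactly the "more access before login than after" situation the post describes.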
