B Page Group Object Privileges

This appendix describes the privileges required to perform page group related tasks. It contains the following sections:

Privileges Required for Page Group Related Tasks
Page Group Privileges
Page and Tab Privileges
Item Privileges

For more information about how security works in OracleAS Portal, including a table that lists and describes global privileges, see Oracle Application Server Portal Configuration Guide.

B.1 Privileges Required for Page Group Related Tasks

Table B-1 describes the minimum privileges required for performing various actions on page group objects.

Table B-1 Privileges Required to Perform Page Group Related Tasks

To Perform the Following Task	Minimally, You Need the Following Privilege
View the content of a non-public page	The item privilege View on the item (item level security enabled); The tab privilege View on the tab containing the item; The page privilege View on the page; The page group privilege View on the page group; The global privilege View on the object type All Pages
Hide, show, and rearrange any portlet on your own version of a page	The page privilege Personalize Portlets (Hide-Show) on the page; or The global privilege Personalize Portlets (Hide-Show) on the object type All Pages
Add a portlet to your own version of a page, and hide, show, rearrange, and delete the portlets that you add to your own version of the page	The page privilege Personalize Portlets (Add-Only) on the page; or The global privilege Personalize Portlets (Add-Only) on the object type All Pages
Delete any portlet from your own version of a page or move any portlet to a different region on your own version of the page	The page privilege Personalize Portlets (Full) on the page; or The global privilege Personalize Portlets (Full) on the object type All Pages
Add items that require approval before they display on the page	The page privilege Manage Items With Approval on the page; or The global privilege Manage Items With Approval on the object type All Pages Note: The page privilege Manage Items With Approval is available on a page only when approvals and notifications are enabled for the page's page group. For more information, see Section 6.4.1, "Enabling Approvals and Notifications for a Page Group".
Add content (items, subitems, and portlets) to a page without requiring approval, edit item properties, hide, show, rearrange, and delete items	The page privilege Manage Content on the page; or The global privilege Manage Content on the object type All Pages
Apply a different style to your own version of a page	The Personalize (Style) privilege on the page; or The global privilege Personalize (Style) on the object type All Pages Note: Users can apply a different style to their own version of a page only if the page group property Allow Privileged Users To Personalize Page Style is enabled. For more information, see Section 4.3.2, "Controlling Who Can Apply a Different Style to a Page".
Apply a different style to a page	When the page group property Allow Privileged Users To Manage Page Style is enabled: The page privilege Manage Style on the page; or The global privilege Manage Style on the object type All Pages When the page group property Allow Privileged Users To Manage Page Style is disabled: The page group privilege Manage Styles on the page group; The page group privilege Manage All on the page group; or The global privilege Manage All on the object type All Page Groups For more information on the page group properties Allow Privileged Users …, see Section 4.3.2, "Controlling Who Can Apply a Different Style to a Page".
Create a page	The page privilege Manage on the parent page and the global privilege Create on the object type All Pages; or The global privilege Manage on the object type All Pages
Edit page properties, or delete a page	The page privilege Manage on the page; or The global privilege Manage on the object type All Pages
Add, delete, or edit a region	The page privilege Manage on the page; or The global privilege Manage on the object type All Pages
Create, delete, or edit a template	The page group privilege Manage Templates on the page group; or The global privilege Manage Templates on the object type All Page Groups Notes: A user with this privilege must also have the page group privilege View to view pages in the page group. Users with this privilege can delete a tab on a template only when they also have the privilege to delete any content added to the tab on pages that are based on the template.
Create, delete, or edit an attribute, item type, page type, category, or perspective	The page group privilege Manage Classifications on the page group; or The global privilege Manage Classifications on the object type All Page Groups Notes: A user with this privilege must also have the page group privilege View to view pages in the page group.
Create a page group	The global privilege Create on the object type All Page Groups
Edit page group properties, or delete a page group	The page group privilege Manage All on the page group; or The global privilege Manage All on the object type All Page Groups

B.2 Page Group Privileges

Table B-2 lists and describes the privilege levels that can be granted on page groups.

Table B-2 Page Group Privileges

A User or Group with the Following Privilege:	Can:
Manage All	Perform any task within the page group. The Manage All privilege includes all other page group privileges: Manage Classifications, Manage Templates, Manage Styles, and View. A user with this privilege is called the page group administrator.
Manage Classifications	Create, edit, and delete any category, perspective, attribute, custom item type, and custom page type in the page group. Note: A user with this privilege must also have the page group privilege View to view pages in this page group. Users with this privilege cannot delete item or page types they have created if the portal contains items or pages based on the type. Such users must first obtain privileges on the items and pages.
Manage Templates	Create, edit, and delete any template in the page group. Notes: A user with this privilege must also have the page group privilege View to view pages in the page group. A user with this privilege can delete a tab on a template only if other users have not placed their own content on the tab on pages that are based on the template or if the user has sufficient content management privileges on the pages that are based on the template.
Manage Styles	Create, edit, and delete any style in the page group, and change the style applied to any page in the page group. A user with this privilege can also view any page in the page group. Note: The Manage Styles privilege does not provide grantees with any personalization privileges on the page groups on which it is granted.
View	View the content of any page in the page group, but cannot add, remove, show, or hide any content within those pages. A user with the privilege can also preview any externally published portlet in the page group.

B.3 Page and Tab Privileges

Table B-3 lists and describes the privilege levels that can be granted on both pages and tabs.

Table B-3 Page and Tab Privileges

Privilege	Description
Manage	A user with the page privilege Manage can perform any operation on the page or tab. The Manage privilege includes all the other page or tab privileges. Such users can add regions to a page and create sub-pages under the page on which they have the privilege. Additionally, they can perform all of the actions listed for the Manage Content privilege, as well as control page or tab access and the page style or the style of the tab's regions (but see Notes). Notes: For a user with this privilege to change the page style or the style of the tab's regions, the page group option Allow Privileged Users To Manage Style must be selected at the page group level. Selecting this option enables the user to apply a different style when editing the page or the tab's regions. If this option is not selected at the page group level, only users with the page group privilege Manage All or Manage Styles can apply a different style to the page or the tab's regions. There is a second page group option for controlling page styles called Allow Privileged Users To Personalize Page Style. When this option is selected, users with at least the page privilege Personalize (Style) can apply a different style when personalizing the page. If a page is based on a template, users with the Manage privilege may not be able to control page or tab access and style. There are two template-level options, Enable Pages To Have Different Access and Enable Pages To Use Different Style, that control whether page designers can specify different access and style settings. These template-level options must be selected; otherwise, page or tab access and style settings cannot be changed on pages that use the template, even though users have the Manage privilege. For more information, see Section 4.3.2, "Controlling Who Can Apply a Different Style to a Page" and Section 18.5.2, "Granting Privileges on a Page".
Manage Content	Users with the page or tab privilege Manage Content can add, edit, hide, show, share, and delete, any item, sub-item, portlet, or tab on the page or tab's defined regions. Such users can also personalize pages according to the personalize page privileges and can view the page.
Manage Items With Approval	A user with the page or tab privilege Manage Items with Approval can add or edit items on the page or tab, but the changes are published only after the defined approval process is complete. Notes: This page privilege is available only when approvals are enabled on the page's page group. If approvals are enabled, but an approval process is not defined, users with this privilege can add, edit, or copy items on the page or tab without approval. In other words, when approvals are enabled but an approval process is not defined, the page privilege Manage Items With Approval becomes equivalent to the page privilege Manage Content with regard to items. This privilege is not available for mobile pages. Users with the page or global privilege Manage Items with Approval can also personalize the pages on which they have the privilege and can view the page. For more information, see Section 6.4, "Setting Up Approvals".
Manage Style	A user with the page or tab privilege Manage Style can change the style of the page and regions on the page or regions on the tab.The Manage Style privilege includes all of the page personalization privileges and the View privilege on the pages on which it is granted. Notes: For a user with the Manage Style privilege to change the style of a page or a region on a tab, the page group option Allow Privileged Users To Personalize Page Style must be selected for the page's page group. This option is available on the Main tab of page group properties. If a page is based on a template, users with the Manage Style privilege may not be able to control the style of the page. The template-level option, Enable Pages To Use Different Style must be selected on the template to enable users with the Manage Style privilege to change the style of a page that is based on the template. This privilege is not available for mobile pages.
Personalize Portlets (Full)	A user with the page or tab privilege Personalize Portlets (Full) can alter his own view of the page by changing the style of the page, adding portlets to the page, and deleting, moving, hiding, or showing any portlet on the page. Notes: For a user with this privilege to change the style of a page or of a region on the tab, the page group option Allow Privileged Users To Personalize Page Style must be selected for the page or tab's page group. Such users can also view any page on which they have the privilege. Changes made under Personalize privileges are visible only to the user who made them. For example, if a user with the Personalize Portlets (Full) privilege deletes a portlet from a page or tab, other users will still see that portlet. Similarly, if a user with the Personalize Portlets (Full) privilege adds a portlet to a page or a tab, only that user will see the portlet.
Personalize Portlets (Add-Only)	A user with the page or tab privilege Personalize Portlets (Add-Only) can alter their view of the page by changing the style of the page, adding portlets to the page, and deleting, hiding, or showing the portlets that they add. Such users can also view any page on which they have the privilege. Notes: For a user with this privilege to change the style of a page or of a region on a tab, the page group option Allow Privileged Users To Personalize Page Style must be selected on the page or tab's page group. Changes made under the privilege Personalize Portlets (Add-Only) are visible only to the user who made them. For example, if a user with this privilege adds a portlet to a page, only that user will see the portlet.
Personalize Portlets (Hide-Show)	A user with the privilege Personalize Portlets (Hide-Show) can change the style on their view of the page or of regions on a tab, and hide, show, or rearrange any portlet on their view of the page or regions. Such users can also view any page on which they have the privilege Notes: For a user with this privilege to change a style, the page group option Allow Privileged Users To Personalize Page Style must be selected on the page or tab's page group. Changes made under the privilege Personalize Portlets (Hide-Show) are visible only to the user who made them. For example, if a user with this privilege hides a portlet on a page, that portlet is hidden only for that user; other users will still be able to see the portlet.
Personalize (Style)	A user with the page or tab privilege Personalize (Style) can apply a different style to their view of the page or of regions on a tab. Such users can also view any page on which they have the privilege Notes: For a user with this privilege to change a style, the page group option Allow Privileged Users To Customize Page Style must be selected on the page or tab's page group. Changes made under the page privilege Personalize (Style) are visible only to the user who made them. For example, if a user with this privilege applies a different style to a page, other users will still see the page with the original style. If a page is based on a template, users with this privilege may not be able to control the style of the page or of the region on the tab. The template level option Enable Pages To Use Different Style must be selected on the template to enable users with the Personalize (Style) privilege to change the style of a page that is based on the template. This privilege is not available for mobile pages.
View	A user with the page or tab privilege View can view the content of the page or tab, but cannot add, remove, show, or hide any of that content.

B.4 Item Privileges

Item level privileges are useful for granting users a higher level of privilege on an item than might be granted to them on the page or tab that contains the item. For example, a user with the page privilege View can view a page but cannot affect the page in any other way. Give that user the item privilege Edit, and he can enter the page in Edit mode and revise the relevant item. This user cannot affect any other page content, just the item on which he has the higher privilege and any sub-items he may create under that item.

Table B-4 lists and describes the privileges that can be granted on items when item level security is enabled.

Table B-4 Item Privileges

Item Privileges	Description
Manage	Users with the item privilege Manage can view, edit, delete, and grant privileges on the item on which they have the privilege. Additionally, they can add sub-items under the item.
Edit	Users with the item privilege Edit can view, edit, and delete the item on which they have the privilege. Additionally, they can add sub-items under the item.
View	A user with the item privilege View can view the item. No other actions are available through this privilege.