Oracle WebCenter Sites uses an ACL-based permission model with site-level roles and asset-type permissions integrated with Oracle's security framework.
Built-in Roles
| Role | Content Author | Approve/Publish | Manage Sites | Admin Functions | Template Dev |
|---|---|---|---|---|---|
| GeneralAdmin | Yes | Yes | Yes | Yes | Yes |
| SiteAdmin | Yes | Yes | Yes (assigned) | Partial | No |
| AdvancedUser | Yes | Yes | No | No | Partial |
| BasicUser | Yes | No | No | No | No |
| Browser | Read-only | No | No | No | No |
ACL-Based Permissions
Permissions are assigned per asset type and per site:
```xml
<!-- WebCenter Sites ACL configuration -->
<!-- Asset types: Page, Article, Media, Template, CSElement -->
<acl>
  <role name="AnalyticsAdmin">
    <permission asset-type="Template" action="read,write"/>
    <permission asset-type="CSElement" action="read,write"/>
    <permission asset-type="Page" action="read"/>
  </role>
</acl>
```
Analytics-Relevant Permissions
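Installing an analytics script means editing the site's Layout template, so the installer needs Template and CSElement editing permissions. Write access to these asset types lets the holder change the scripts delivered on every page rendered through that template, so grant it narrowly: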
```jsp
<%-- WebCenter Sites Template: Add to Layout template --%>
<%-- Navigate to Admin > Template Management --%>
<head>
  <ics:callelement element="Head/MetaTags"/>
  <script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXXXXX"></script>
  <script>
    window.dataLayer = window.dataLayer || [];
    function gtag(){dataLayer.push(arguments);}
    gtag('js', new Date());
    gtag('config', 'G-XXXXXXXXXX');
  </script>
</head>
```
LDAP Integration
WebCenter Sites integrates with Oracle Internet Directory (OID) or any LDAP provider through WebLogic Server's security realm.
Best Practices
- Use SiteAdmin for site-specific management rather than granting GeneralAdmin
- Create a custom AnalyticsAdmin role with only Template/CSElement write permissions
- Use the Browser role for stakeholders who only need to review content
- Integrate with LDAP/OID for centralized authentication
- Audit role assignments through the Admin interface > User Management
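
The custom AnalyticsAdmin role recommended above stays least-privilege only while its grants remain within what was approved. As an added example (not Oracle tooling and not code from this page), the Python script below audits role definitions against a baseline. It assumes role data is available in the XML layout shown under ACL-Based Permissions; the `TagVendor` role, the `BASELINE` policy and the sample input are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the ACL layout shown on this page; "TagVendor" is a made-up role.
SAMPLE_ACL = """<acl>
  <role name="AnalyticsAdmin">
    <permission asset-type="Template" action="read,write"/>
    <permission asset-type="CSElement" action="read, write"/>
    <permission asset-type="Page" action="read"/>
    <permission asset-type="Page" action="Write"/>
    <permission asset-type="Article" action="read"/>
  </role>
  <role name="TagVendor">
    <permission asset-type="Template" action="write"/>
  </role>
</acl>"""

# Assumed baseline: the most each reviewed role may hold, per asset type.
BASELINE = {"AnalyticsAdmin": {"Template": {"read", "write"},
                               "CSElement": {"read", "write"}, "Page": {"read"}}}

def granted_actions(role_el):
    """Merge all <permission> elements of one role into {asset_type: {actions}}."""
    grants = defaultdict(set)
    for perm in role_el.iter("permission"):
        actions = perm.get("action", "").split(",")
        # Normalise case and whitespace so "read, Write" equals "read,write".
        grants[perm.get("asset-type", "").strip()] |= {
            a.strip().lower() for a in actions if a.strip()}
    return grants

def audit_acl(xml_text, baseline):
    """Return sorted (role, asset_type, excess_actions) for grants beyond the baseline."""
    findings = []
    for role_el in ET.fromstring(xml_text).iter("role"):
        name = role_el.get("name", "")
        allowed = baseline.get(name)
        for asset_type, actions in granted_actions(role_el).items():
            # A role absent from the baseline is unreviewed: report everything it grants.
            excess = actions if allowed is None else actions - allowed.get(asset_type, set())
            if excess:
                findings.append((name, asset_type, tuple(sorted(excess))))
    return sorted(findings)

if __name__ == "__main__":
    for role, asset_type, excess in audit_acl(SAMPLE_ACL, BASELINE):
        print(f"{role}: {asset_type} exceeds baseline: {', '.join(excess)}")
```

Grants split across several `<permission>` elements for the same asset type are merged before comparison, so a write permission added in a separate element is still reported.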