Brochure: Advanced User Security Mapping
Brochure: Add-On Products for Oracle WebCenter
Case Study: Safety and Compliance in Heavy Industry
Advanced User Security Mapping (AUSM), now in version 8.0, bridges the gap between Oracle WebCenter Content security and your enterprise security model. The solution is ideal for users who are having difficulty leveraging information from user directories to secure content and would like to employ more automatic processes in WebCenter. AUSM extends the core WebCenter Content LDAP/AD integration to interpret additional directory information, including user attributes, organizational units, and group membership, to define access to content.
AUSM version 8.0 features an entirely new user interface for creating and managing rules. Users now have the ability to delegate the evaluate user capability to sub-administrators and to export and import rules for backup or migration purposes. Version 8.0 is also certified on the new Oracle WebCenter Content 12c.
Benefits of AUSM
Synchronization: Automatically pre-populates Oracle WebCenter Content system with users, vs. waiting for each user to manually log in to the system before adding them to workflows, aliases, etc.
Performance: Drastically improves network performance through a simplified LDAP/AD structure
Flexibility: Intuitive "rules engine" extends basic LDAP/AD integration, allowing administrators to assign user performance from complex rules based on directory information. Permission can be both granted and denied, and users can now be assigned to aliases for workflows and collaboration manager automatically based on directory information
Compliance: Easily demonstrates compliance by showing user access levels to content across your entire Oracle WebCenter Content system
Simplified Administration: Allows administrators to validate permission and troubleshoot access issues for specific users without requiring them to log in
Frequently Asked Questions
Can I make changes to people's access without involving my network administrator?
Yes, AUSM allows you to create rules and exceptions based on users' characteristics (LDAP group, user attributes, or organizational unit), and then automatically reassigns permissions based on the criteria set. For example, you can take one user and give them the admin role, or take an entire department and give them access to a specific account, all without modifying Active Directory or LDAP.
Does AUSM write information back into LDAP or Active Directory (AD)?
No, AUSM only reads information from LDAP and AD, but does not push information back to them. Many organizations follow the common practice of not allowing a third-party application to modify their corporate security scheme.
How do I know what access a specific user is assigned?
AUSM's interface has a rules page where you can type in a username and AUSM shows you their access and what rules apply to get that access.
Can users automatically be assigned to aliases?
Yes, users can be assigned to aliases automatically using the same rule definition process based on LDAP group, attributes, or Organization Unit.
How do I see what users have access to a security group and account?
In AUSM's "Retrieve Users with Access" interface, you can choose what security group, account, and permission level you would like to view and a list is returned with users that have at least that much privilege. For example, if you'd like to see who can modify public documents, choose the public security group, the empty account (if accounts are enabled), and read/write permission.
How do I add new AD users to the Content Server?
By default, AD users are added to the Content Server when they first log in. With AUSM, new users can be added automatically through a synchronization process on a scheduled basis or can be manually initiated by an administrator.
When users are removed from AD, does the synchronization process also remove them from the Content Server?
AUSM doesn't currently remove users from the Content Server database when they are removed from the directory. This is an enhancement that has been considered, and if it would be of interest to you, please contact us.