PowerBuilder Tips, Tricks, and Techniques

Berndt Hamboeck




Working with the Enterprise Portal

An overview Part 3

An enterprise portal is the converged "hub" of multiple, complementary information management solutions, including document and content management, information search and retrieval, knowledge management, team collaboration, workflow, and business intelligence.

Sybase Enterprise Portal Security Architecture
Sybase Enterprise Portal provides single sign-on throughout the portal, including transparent authentication to many legacy systems. In the good old days, single sign-on wasn't necessary: you had a mainframe that you connected to with one username and password. With the advent of networks, users suddenly acquired one account after another, each with a different username and password to remember. Sybase Enterprise Portal tries to overcome this issue by providing single sign-on. This sounds great, but it also means that as a portal developer or administrator, you have to think about how to set up the security for your portal.

The administrator for security services is called the Portal Security Officer (PSO). This person uses the Portal Security Manager, which is an application that comes with the Enterprise Portal. You'll soon learn how to set up a database for use with single sign-on. Usually before the PSO sets up Enterprise Portal security, this person should carefully review the structure of the business enterprise, the different assets that must be secured, the types of security required for each asset, the information needs of the users, whether encryption and digital signatures are to be included, available hardware and software, failover requirements, and other issues that affect security and the Enterprise Portal.

Sybase Enterprise Portal provides single sign-on throughout the portal, including transparent authentication to different legacy systems. The following example describes and summarizes the steps necessary to set up security and populate the access control database used by the portal to verify a user's rights. The following section details each step. By following the example, you'll become a pro very fast.

Security System Setup
This section describes all the steps necessary to set up a security system in an enterprise portal. Later you'll access a database through the security system so you'll go through most of the steps described (some of them are preconfigured). The security system of the Sybase Enterprise Portal isn't available in the evaluation version. To follow along with the example, you need to have the full version installed.

1.  Create the organizational hierarchy for the security system. You define the root-level organization when you install and configure Enterprise Portal. Then you add other organizations or sub-organizations to mirror the organizational structure of the enterprise. Enterprise Portal doesn't limit the number of organizations or the number of organizational levels. However, there can be only one root organization.

2.  Populate the organizations and sub-organizations with subjects. A subject can be any user whose access to an asset might need to be restricted. The Portal Security Officer can register users through the Portal Security Manager or, if security information is already centralized, through the access control database API provided by the portal.

3.  (Optional) Create groups and populate them with subjects (users).

4.  (Optional) Create role(s) for each subject. Create asset types at each organizational level. An asset type describes a category of similar assets (for example, Database or Servlet). The Portal Security Officer must create the asset type before creating an asset.

5.  Create assets using the Portal Manager or the Portal Security Manager. When created, an asset is only an access control element until you define an authorization service for a particular subject to access that asset. For example, you create the asset of the type needed (EJB; Jaguar Component like a servlet; JDBC for database access; an EAServer connection cache; or the type to use the portal search capabilities) and assign it the asset type Servlet that you also create. The asset is stored in the access control database as an access control element. Remember that you can't create an asset until you define at least one asset type. Next you add an authorization service for one of your subjects (users) that lists the service name. The authorization service is now linked to an asset so the Connection Manager can check the permissions that the user has on this asset before allowing the authorization service to be used. You'll do all of these steps at the end of this article.
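The ordering constraints in the steps above can be sketched as a small conceptual model. This is an added example, not code from the article or from Sybase: the class, its methods and the sample names are hypothetical, the optional groups and roles are left out, and refusing access when no permission is recorded is an assumption of the model.

```python
class AccessControlDB:  # hypothetical model, not the Sybase API
    def __init__(self, root_org):
        self.orgs = {root_org: None}   # step 1: org -> parent; a single root
        self.subjects = {}             # step 2: subject -> organization
        self.asset_types = set()       # step 4: e.g. "Servlet", "Database"
        self.assets = {}               # step 5: asset -> asset type
        self.permissions = set()       # (subject, asset) pairs
        self.services = {}             # (subject, service name) -> asset

    def add_org(self, name, parent):
        if parent not in self.orgs:
            raise ValueError("a new organization needs an existing parent")
        self.orgs[name] = parent

    def add_subject(self, subject, org):
        if org not in self.orgs:
            raise ValueError("unknown organization")
        self.subjects[subject] = org

    def add_asset(self, asset, asset_type):
        if asset_type not in self.asset_types:
            raise ValueError("define the asset type before the asset")
        self.assets[asset] = asset_type

    def grant(self, subject, asset):
        if subject not in self.subjects or asset not in self.assets:
            raise ValueError("unknown subject or asset")
        self.permissions.add((subject, asset))

    def add_service(self, subject, service, asset):
        if subject not in self.subjects or asset not in self.assets:
            raise ValueError("unknown subject or asset")
        self.services[(subject, service)] = asset

    def may_use(self, subject, service):
        asset = self.services.get((subject, service))
        return asset is not None and (subject, asset) in self.permissions  # else deny

def build_example():
    # Constructed sample data: one sub-organization, two users, one servlet asset.
    db = AccessControlDB("Enterprise")
    db.add_org("Sales", parent="Enterprise")
    db.asset_types.add("Servlet")
    db.add_asset("OrderServlet", "Servlet")
    for user in ("alice", "bob"):
        db.add_subject(user, "Sales")
        db.add_service(user, "orders", "OrderServlet")
    db.grant("alice", "OrderServlet")   # bob has the service but no permission
    return db
```

In this model both users have an authorization service linked to the asset, but only the one with a recorded permission on that asset passes the check, which mirrors the Connection Manager's permission check described in step 5.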


Berndt Hamboeck is a senior consultant for BHITCON (www.bhitcon.net). He's a CSI, SCAPC8, EASAC, SCJP2, and started his Sybase development using PB5. You can reach him under [email protected]bhitcon.net.
