The Price of Power
By Antony Reynolds-Oracle on Jan 24, 2007
The Price of Power
It has been a while since I wrote anything in this blog, Christmas, two of my childrens birthdays, illness and general lethargy have got the better of me, but I�m back! I have just been on a training course for the new Oracle WebCenter product. This gave me a chance to play with the product before it goes production in the near future. The product has lots of neat features like the ability to host portlets on any JSF page, access to all existing Oracle and WSRP portlets, discussion groups as well as support for presence and VOIP. So I was really enjoying playing with the product until we came to the security piece.
The security is actually very good, with data control access (a feature of ADF generally) being determined at the individual data element level without any need for custom code. So a manager could have a control that displayed employee details, including their salaries whilst a regular employee using the same page would not see the salary information because he would not have access to that element in the control.
So what is my gripe. Basically it is two fold, one related to my job and one related to tools in general. The first gripe is that by default when security is turned on all access is denied unless you explicitly allow it. From a security perspective (I have designed security architectures for banking systems) this is good, you should have to explicitly allow access. But my job is in the sales consulting organisation and so to show a decent amount of data in a demo after turning on security I have to go through and enable access to all items I want to show which is tricky in a demo, but not a big deal in a production system. So right behaviour for the real world, just not for Antony�s world.
My other complaint is that power always brings complexity with it. The complexity of WebCenter is well hidden but it is still there lurking under the surface waiting to bite you. Take security, you need to understand how the different permissions relate to each other and what permissions are needed to perform particular actions. WebCenter is very powerful in this regard but it comes at a price of some complexity. Less complex than coding it yourself but you still have to invest time to understand the model and how it applies to your requirements.
I guess I still have to pay the price of power, but I don�t have to like it!