Security (Users, Groups, Accounts) in Oracle Content Server (ECM/UCM)

Oracle Content Server is main component in Oracle’s Enterprise Content Management/ Universal Content Management (ECM/UCM – Stellent). This post covers Security (User, Group and Accounts) Management in Oracle Content Server.

1. Content Server offers two levels of security on Content Item
a) Security Groups (Required)
b) Accounts (optional)

If Accounts are in use, Account becomes primary permission to satisfy before security group permissions are applied.
Account Names CAN NOT exceed 30 characters

2.Each content item (word, pdf, multimedia file..) is assigned to security group and if accounts are enabled then content items could also be assigned to Accounts.

3. Users are assigned Read, Write, Delete, Admin privileges for each security group and Account.

4. Content Server offers three options for Security
a) Internal Security – User security within Content Server
b) External Security– User logins, password and permissions are in external source (AD, LDAP, AD with LDAP)
c) Additional Security – some users using internal security while others external.

5. There are three login type users in content server
a) Local Users – Users defined with in content server by Administrators
b) Global Users– lightly managed users, credentials extends to multiple content server (proxied server).
c) External Users – Users defined outside content server and authenticated through external security.

6. To add security Users and Groups use “User Admin Application

7. You can run “User Admin Application” in two ways
a) Administration Page (as Java Applet from Browser)
Login to Content Server as administrator -> Administration -> Admin Applets


b) Standalone Mode (from machine where Content Server is running)

i) cd $INSTALL_DIR/bin
ii) ./UserAdmin


8.Login name is case sensitive in Content Server
for ex. sysadmin, Sysadmin, SysAdmin, SYSADMIN are four different users.

9. Default users in Content Server are sysadmin (Superuser) and user1 (contributor) with default password as idc

10. It is possible to Authenticate user against Active Directory or LDAP Server



Integration of Oracle Content Server (UCM/ECM) with Microsoft Active Directory or LDAP Server (OID, iPlanet, openLdap) coming soon …

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Oracle Gold Partner specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

meljobin says October 2, 2008

As most of you know, there are very few people that are truly knowledgeable in regards to Stellent / Oracle UCM architecture! I was hoping to network should you know of anyone that would be interested in considering a 3 month project opportunity in the Atlanta area.

If you do happen to know of someone that would be interested in learning more about this opportunity, please feel free to forward my contact information! I am seeking an Oracle UCM (Stellent) Architect / Developer.

I really do appreciate the opportunity to network!


Melanie Jobin

mahesh says November 27, 2008

Hi Atul,

I need a help.

there is an content server installed on client machine and we need to find out the configurations of that installations.
In detail generally the installation details like database name and host details and the serer details and the webserver used.

can u please help me how to find all the above details? and from which files in the installation i can gather more information?


Skye says February 13, 2009

My apologies for such a late reply – but if you still need this information most of it is available in the config.cgf file in the application instance config/ directory.

NewUser123 says June 1, 2011


There is a scenario as below.

Think that I have two contents (C1, C2) which are present in a Site Studio env. And there are three users (U1, U2, U3). I want C1 should be visible to only U1 and U2 but not to U3. So how can I set a new Security Group so that the content is visible only for two users not for the third.

And more over I would like to add a new parameter or a metadata so that in future if there I want the U3 to see C1, I should just change the metadata value.


Atul Kumar says June 1, 2011

@ NewUser123,
There are couple of ways to achieve it. Two ways which I can think of are

1. Via Groups – Create group c1c2u1u2 and add user u1 and u2 to this group. Give read access to group c1c2u1u2 on content C1 .

2. Via Access Control List – You can assign access to content directly to user/group based on ACL . More information at

Kanika says January 22, 2013

however , solution above will still give u1 u2 read access to the c1 content .right ?I think so ….Is there any way that content is completely invisible to the user(for confidential reasons)

Add Your Reply