First of all, let me mention that by saying Security Model I mean primarily its authorization component . It's the one that defines what users can do and what content they can access. There's also the authentication piece that determines who the user really is, and there's auditing, that keeps track of what people do. We've seen the use of the Content Server log files and the use of providers to connect the Content Server to LDAP for authentication in Chapter 2, Major Controls, so let's focus on authorization.
We will start by placing "red flags" around common confusion points.
Most of us are used to Windows and UNIX security systems, user groups, file and folder permissions, and so on. We're comfortable with these and are expecting Oracle UCM to work the same way. But it doesn't! What you need is a paradigm shift.