Should Oracle be on your Web CMS shortlist?


OracleOracle is among the largest global enterprise software vendors and like IBM and Microsoft, Oracle entered the CMS marketplace via an acquisition (Stellent in 2007). Oracle Universal Content Management (UCM) is based on the original Stellent product now fully rebranded, much improved and leading the market according to IT analyst Gartner. Does this make Oracle an obvious and safe candidate on your Web CMS shortlist?

We find that Oracle UCM does not come up often in standalone Web CMS selections, which is why it did not appear on our 2009 CMS Shortlist. According to Oracle sales pitches, the product has experienced increased adoption in recent years. As the Oracle customer list is very long and Oracle is known for upselling to the install base and for including UCM in larger deals, this sounds plausible.

Depending on your specific requirements, there are several reasons which might make Oracle a meaningful inclusion on your shortlist.

Before you go ahead and add Oracle UCM to the shortlist here’s a few bullets for your consideration:

Oracle is planning to release the much-anticipated 11g version of Oracle UCM later this year, which we look forward to studying closer. In the mean time, consider talking to Oracle on getting more information about what’s coming.

Thanks to @erikmhartman, @irina_guseva, @TonyByrne and @vesterli for valuable input.

5 thoughts on “Should Oracle be on your Web CMS shortlist?”

  1. I would add another precautionary bullet point, having to do with the rights model. Study the UCM roles and rights model carefully and compare it against your requirements; that’s my advice. Maybe @bex or someone with deep UCM experience can educate me here, but I find the UCM rights model a tad unconventional. It defines a security group as a collection of files (not users). It maps rights to roles, then users to roles. Each security group is accessible to appropriately privileged roles.

    If you create more than 50 security groups, system performance (initially at the admin level, but eventually at the user level) begins to take a hit, at which point Oracle suggests you turn on a feature called Accounts, which is a more granular, hierarchical permissions model. But if you choose to enable “Accounts,” you can’t go back to a non-accounts-enabled model without losing data (according to Oracle’s own documentation).

    The whole thing seems a bit scary to me, but maybe that’s because I don’t understand it, which is not infrequently the case with things that scare me. ;)

  2. A reply to Kas from Alan Baer of Oracle:

    While Oracle’s terminology may be a bit quirky, I think our security functionality is a strength.

    The basic UCM security models are pretty standard. We classify content (security groups) and we put users into groups (roles). Then we provide a way to configure what content classifications each group of users has access to, and what level of access. On the user side, we have extensive support for all major directories (LDAP, Active directory, etc.) and authentication products, so the user grouping and single sign-on is typically pulled from a “standard” external source.

    While it would be possible do away with security groups and apply user groupings directly to content (some Content Management products do take this approach) we believe this ultimately creates problems similar to ACLs. If you later decide to change how users are organized – something that’s certainly not uncommon – then all documents need to be touched. In the UCM model, they don’t.

    We think it’s an advantage to offer a simple model (security groups) as well as a more granular model (accounts), and you describe the differences well. I agree that the wording in the docs about “losing data” is way too frightening, not to mention inaccurate. In reality, no data will ever be lost. Under certain conditions, after turning off accounts users may not be able to access certain content items until the administrator makes some metadata changes, but these changes are easily made.

    We’ll remove the reference to “losing data” from the documentation and describe more specifically what administrators should do prior to turning off accounts. This way customers can understand what will happen without being scared away – and analysts needn’t be “precautionary” on this point.

  3. @Kas:

    Alan is correct in that the documentation is giving you an overly stern warning. If you make a major change to the security model, your users will get the PERCEPTION of data loss, because now they don’t have sufficient rights to access their content… The content is still there, just too secure to be seen. You just need to update the users’ access rights, and everything should be fine.

    This did inspire me to write a blog post on the origin of the UCM security model, tho… Hopefully you find it informative.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>