shawnlauzon wrote:

I read in https://jazz.net/wiki/bin/view/Main/DataWarehouseExtending
that to update the data warehouse snapshot you needed to be logged in
as ADMIN. Unfortunately I am using LDAP to authenticate, and there is
no ADMIN user. How can I setup permissions to give an arbitrary user
ADMIN authority to be able to administer the data warehouse? Thanks
..

shawn.

Hi Shawn,

Currently, the update *must* be run as the ADMIN user, because:
(1) The SCM snapshot modifies a repository workspace, which is owned by
the ADMIN user, and hence the snapshot must run as ADMIN, and
(2) There is currently no facility for impersonating a user, like 'sudo'
on unix.

So there is no way at present to give an arbitrary user admin authority
to perform the update.

james

shawnlauzon wrote:

Thanks James. By the phrase "at the moment", I assume that
there are plans to do so? Because otherwise, reporting is basically
broken for anyone that uses LDAP authorization.

I'm not looking for a "sudo" command to impersonate a user.
I'm simply looking for some "admin" authority for the
workspace, and then the capability to grant that authority to a user
via some UI.

It is only the administrative things that are broken, and we use them
mostly for debugging; there are few times that users will legitimately
want to use these things:

(1) The "update" buttons force a manual run of a snapshot. But the
snapshots are triggered by automated jobs daily, so there is really no
need to run them manually most of the time. (Related to this, we *do*
have a plan item to allow more configurable scheduling of these
snapshots, allowing you to specify the intervals between runs as well as
turn individual snapshots on and off).
(2) The export and import is useful for us if we want to move warehouse
data from one repository to another, but this is mostly a testing thing,
and since now the data warehouse participates in the Jazz migration
story, there is no need to do this when you move to different milestones.
(3) Dropping and re-creating the tables is pretty much a catastrophic
operation that users should basically never want to do; again, something
that's useful for development.

Is there one of these in particular that you feel is more important from
an end-user perspective?

james

shawnlauzon wrote:

I was having a problem that the snapshot wasn't happening, but it's
possible that I just didn't wait long enough. I had thought that I
had the server running for a couple days and I still didn't see a
snapshot, but I could be mistaken. I do know that the report showed
no data until using the generating the data manually, and then it did
work.

In any case, it still seems bothersome that you need a user named
"ADMIN" to do certain things. If it's truly only useful
when developing, that might be ok. But from my experience, any time
you say "an end user would never need that", it turns out
that eventually an end user _does_ need it.

I agree about the ADMIN thing - I believe there is a repository
enhancement request open to allow sudo-like capabilities. If this is
implemented, it will get rid of the current requirement to run the
update as ADMIN. I don't have the work item number handy.

james