QM You are using a directory service that is not writable. User roles cannot be modified.
Newbie question please?
I have RQM 4.0.3 on Windows.
During setup (jts/setup), I chose "Non-LDAP external registry".
Somehow I created a user in QM (mshen)
with the desired Repository Permissions:
JazzAdmins checked
JazzDWAdmins checked
JazzGuests checked
JazzUsers checked
JazzProjectAdmins checked
Now I need to create more users with all the Jazz*
permissions or some of them.
Now I create users in WebSphere.
I then create users in JTS.
But in JTS I see:
Notice: You are using a directory service that is not writable. User
roles cannot be modified.
Please help - how do I modify user roles in QM now?
Seems I need to link a user in QM to a user in WebSphere?
Accepted answer
Comments
Thanks. The graphics on article #97 are too small,
and the article appears to be too old anyway.
My WAS is 8.5 and QM is 4.0.3.
My problem seems to be, group membership of users in WAS
are not picked up by JTS.
For example, testuser001 is in the JazzAdmins group in WAS,
how do I make testuser001 to have JazzAdmins role in JTS?
Regardless how old the article is, the mechanism did not change. You have to do the user/group mapping in WAS first, then associate the roles to repository roles, in the security settings. You have to do that for your initial admin user you create during setup, before the setup. You might be able to get away with doing it after the setup, though.
2 other answers
I would suggest to use LDAP. There are free LDAP systems available. I think we show how that works in https://jazz.net/library/article/662 and we show using Windows Active directory here: https://jazz.net/library/article/831 .
Comments
Thanks, but at this point I would rather not get into LDAP.
"File-based", that sounds simple and promising.
As I said, I somehow already have a user with the desired roles.
If it is file based, where is the file?
Presumably, that file has my one correct user.
Maybe I can edit that file,
copying my one correct user to create additional users?
It is managed within WebSpehere Application Server. I am not sure there is a file you can work with. You have to create the users within the WebSphere administration console and map the users to their repository roles.
This works well for a few users, but I don't think it scales to a lot of users. At some point LDAP is way easier to maintain.
For now we plan to have at most a few users in QM.
I believe my problem at the moment is to edit the roles.
Please take a look at the following screen shots.
The user "mshen" was created during JTS setup, and it has JazzAdmins role.
Now, in WAS I create the JazzAdmins group,
create user testuser001 and put testuser001 in JazzAdmins.
If only I can make testuser001 to have JazzAdmins role in JTS.
https://drive.google.com/file/d/0B4BDLPwRFhUKNU9JdXVGZ19rUFE
https://drive.google.com/file/d/0B4BDLPwRFhUKakdwbVVKdDhLMVU
https://drive.google.com/file/d/0B4BDLPwRFhUKb2ZOVkp0V1kwb00
https://drive.google.com/file/d/0B4BDLPwRFhUKcnFjdU5OU3liMU0
As far as I recall, you have to create the user e.g. mshen in the WAS registry and associate him to the JazzAdmin Group before you even run the setup. You have to map the user to the group and the group to the repository roles in Jazz. Please look at https://jazz.net/library/article/662. Some of the labs the deployment of an application and mapping the groups to the repository roles.
Once you do that, the check marks appear in Jazz. You can not check the repository roles, as they are granted by setting up the mapping in the WAS registry.
Thanks to Sunil and Ralph, seems I am ok now.
I am still using the "file-based realm", no LDAP at this point.
In QM when I am logged in as user "x", its own
repository permissions are checked, any other
users' repository permissions are shown as not-checked.
Seems I have to assign each user to all 5 groups
JazzAdmins,JazzDWAdmins,JazzGuests,JazzUsers,JazzProjectAdmins.
This seems progress!