Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

IBM i, WAS 7.0; Local System User - "You are using a directory service that is not writable. User roles cannot be modified"

Hi -
We are exploring Jazz 4.0 on IBM i V6R1 and WAS 7.0.
1- In WAS, application-level security (CCM.war, qm.war, and jts.war) is enabled and "JazzUsers" is mapped to some of our users' system IDs.
2- In the Jazz Admin page, I have created user IDs (same as the OS profile IDs) with email address and name. I can assign "Rational Team Concert - Developer for IBM Enterprise Platforms", "Rational Team Concert - Developer" etc. Client Access Licenses. But I am not able to give repository permissions. A notice is displayed: "You are using a directory service that is not writeable. User roles cannot be modified"
Users are unable to log in to a project invitation URL like "https://dev_ibmi:9443/ccm/web/projects/testproejct"
The idea is to give my developers access to Jazz using their IBM i user profiles so they can accept invitations and work on the project.
TIA

Sashi

0 votes



6 answers

Permanent link
Hi Sasikumar,
If you are using WAS as the application server, the user's repository permission is not controlled in JTS. From your description, you are using OS users and groups management in WAS. In that case you need to add the user to the OS-level group which you used to map to the JazzUsers group in WAS application-level security.
You can refer to the following links about the user management with WAS:
https://jazz.net/help-dev/clm/index.jsp?topic=%2F%2Fcom.ibm.jazz.install.doc%2Ftopics%2Fc_manage_users_fed_realm.html
https://jazz.net/library/article/604

0 votes


Permanent link

Hi Sasikumar,

We have been using RTC since version 2 on our IBM i.

We have taken the following steps to enrol users in RTC.

We enabled security in WAS with the user group JAZZUSER mapped to the i-series user JAZZUSER.

On System i, each user we want to include in the RTC user group has the profile jazzuser as an additional group profile.

This solution works for us.

0 votes

Comments

 I am still not able to get through this..

1- In WAS, what would be the value in User account repository under  global security?
2- Do we need to add user profiles at the application level? Jts.war, ccc.war etc.
3- Do we need to make any configuration change in WAS - Under Users and Groups -> Manage User and Manage groups?

All we want is the ability to log in to RTC with IBM i user IDs.



Permanent link

Hi Sasikumar,

To 1: the value must be local system, and the realm name is the name of your i-series.

To 2: you have to apply security roles for users and groups for each application.

To 3: there is no need to configure anything.

With this configuration you should be able to log in to RTC with i-series users if the i-series users have a group profile like JAZZUSER.

I hope this helps you to log in to RTC with an i-series user.

 

0 votes

Comments

We are able to log in using an IBM i profile (PGMR), but whenever we log in using this regular profile (JAZZUSER group profile), https://dev_ibmi:9443/ccm/admin shows the "ADMIN" name in the top right corner. The "view my profile license" shows JazzAdmins, DWAdmin and Jazzuser, but this is a regular user profile and it should have only "jazzuser" authority, and it shouldn't be allowed to create Jazz local users or use other admin functions.

(unable to upload screenshot..)


Permanent link

Hello,

I think there are configurations missing in global security.

Have you set the application security and administration security? I think these two must be set to resolve the problem

0 votes

Comments

please see below.. 


Permanent link
My settings are as below:
  • Enable administrative security - Checked
  • Enable application security - Checked
  • Java 2 security - Unchecked
  • User account repository - Local operating system
    • General Properties
    • Primary administrative user name: MYPROFILE
    • Automatically generated server identity - Selected
  • LTPA
  • Use realm-qualified user names - Checked
  • Application security

Enterprise Applications > ccm.war > Security role to user/group mapping


| Role | Special subjects | Mapped users | Mapped groups |
|---|---|---|---|
| JazzAdmins | None | SMANI, JTSADMIN | JAZZADMINS, QPGMR |
| JazzDWAdmins | None | SMANI, JTSADMIN | JAZZDWADMS, QPGMR |
| JazzUsers | None | SMANI, JTSADMIN, SMANTEMP | JAZZUSERS, QPGMR |
| JazzGuests | None | SMANI, JTSADMIN | JAZZGUESTS |
| JazzProjectAdmins | None | SMANI, JTSADMIN | JAZZPJADMS |

Similar for all other apps.
I need the SMANTEMP profile as just a user, not ADMIN. It belongs to the QPGMR group.

Appreciate your help..

0 votes


Permanent link

Hello,

In our configuration we have no mapped users; we only configure mapped groups with JAZZ* user profiles, like you have for jazzguests. On System i, jazzusers is passed as the group profile for each developer. Our developer profiles have user class *PGMR.

0 votes
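
An added example, not part of the original thread: with a non-writable (local OS) registry, a user's Jazz roles are whatever the WAS role mapping grants to the user directly or to any group the user belongs to. The sketch below computes that for the ccm.war mapping posted above; the split of each row into mapped users and mapped groups is a reading of the posted table, and the JAZZUSERS membership used in the last step is an assumption.

```python
# ROLE_MAP is transcribed from the ccm.war mapping posted in the thread.
ROLE_MAP = {
    "JazzAdmins":        {"users": {"SMANI", "JTSADMIN"}, "groups": {"JAZZADMINS", "QPGMR"}},
    "JazzDWAdmins":      {"users": {"SMANI", "JTSADMIN"}, "groups": {"JAZZDWADMS", "QPGMR"}},
    "JazzUsers":         {"users": {"SMANI", "JTSADMIN", "SMANTEMP"},
                          "groups": {"JAZZUSERS", "QPGMR"}},
    "JazzGuests":        {"users": {"SMANI", "JTSADMIN"}, "groups": {"JAZZGUESTS"}},
    "JazzProjectAdmins": {"users": {"SMANI", "JTSADMIN"}, "groups": {"JAZZPJADMS"}},
}
# Stated in the thread: SMANTEMP belongs to the QPGMR group.
MEMBERSHIP = {"SMANTEMP": {"QPGMR"}}


def effective_roles(user, role_map, membership):
    """Return {role: [reasons]} for every role held directly or through a group."""
    groups = membership.get(user, set())
    granted = {}
    for role, subjects in role_map.items():
        reasons = ["user:" + user] if user in subjects["users"] else []
        reasons += ["group:" + g for g in sorted(groups & subjects["groups"])]
        if reasons:
            granted[role] = reasons
    return granted


def unintended_roles(user, intended, role_map, membership):
    """Roles the user holds that are not in the intended set, with the cause."""
    held = effective_roles(user, role_map, membership)
    return {role: why for role, why in held.items() if role not in intended}


def groups_only(role_map, prefix="JAZZ"):
    """Variant described in the last answer: no mapped users, only JAZZ* groups."""
    return {role: {"users": set(),
                   "groups": {g for g in s["groups"] if g.startswith(prefix)}}
            for role, s in role_map.items()}


if __name__ == "__main__":
    extra = unintended_roles("SMANTEMP", {"JazzUsers"}, ROLE_MAP, MEMBERSHIP)
    for role, why in extra.items():
        print(f"SMANTEMP unexpectedly holds {role} via {', '.join(why)}")
    # Assumption: SMANTEMP is also given JAZZUSERS as a supplemental group profile.
    member = {"SMANTEMP": {"QPGMR", "JAZZUSERS"}}
    print("Groups-only mapping:", effective_roles("SMANTEMP", groups_only(ROLE_MAP), member))
```

The same check can be rerun for any profile by adding its group profiles to the membership dictionary before changing the mapping in the console.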

Question details

Question asked: Apr 05 '14, 11:16 p.m.

Question was seen: 7,148 times

Last updated: Apr 09 '14, 2:17 a.m.
