It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Follow this question
Question details

×42,787
×10,908
×4,692
×3,952

question asked: Apr 05 '14, 11:16 p.m.
question was seen: 6,256 times
last updated: Apr 09 '14, 2:17 a.m.

Related questions

FAQ - How this Forum works

IBM i , WAS 7.0 ; Local System User -"You are using a directory service that is not writable. User roles cannot be modified"

0
Sasikumar Manickam (1035) | asked Apr 05 '14, 11:16 p.m.
Hi - 
We are exploring Jazz 4.0 on IBM i, V6R1 and WAS 7.0
1- In WAS, Application level security ( CCM.war , qm.war, and jts.war) enabled and "JazzUsers" mapped to system some of our user's ID.
2- Jazz Admin page, I have created user IDs (same as OS profile ID ) with email address & name. I can assign "Rational Team Concert - Developer for IBM Enterprise Platforms" and  "Rational Team Concert - Developer" etc client Access Licenses. But I am not able give repository permissions. A notice displayed "You are using a directory service that is not writeable. User roles cannot be modified"
Users unable to login to project invitation url like "https://dev_ibmi:9443/ccm/web/projects/testproejct
Idea is to give my developers access to Jazz using IBMi user profile and accept invitations and work on the project.
TIA

Sashi

6 answers

Most liked answers ↑|Newest answers|Oldest answers

0
permanent link
Lily Wang (4.9k714) | answered Apr 06 '14, 10:49 p.m.
Hi Sasikumar,
If you are using WAS as the application server, the user's repository permission is not controlled in JTS. From your description, you are using OS users and groups management in WAS. Then you need to add the user into the OS level group which you used to may to JazzUsers group in WAS application level security.
You can refer to the following links about the user management with WAS:
https://jazz.net/help-dev/clm/index.jsp?topic=%2F%2Fcom.ibm.jazz.install.doc%2Ftopics%2Fc_manage_users_fed_realm.html
https://jazz.net/library/article/604

0
permanent link
Andreas Nicoladoni (19612523) | answered Apr 07 '14, 2:38 a.m.

Hi Saskiumar,

we are using RTC since version 2 on our IBM-i.

We have taken the following steps the enrol users to RTC.

We enabled security in WAS with the usergroup JAZZUSER mapped to i-series user JAZZUSER

On system-i each user we want to include to the RTC-User group has in the additional groupprofile the profile jazzuser.

This soulution works for us.

Comments
Sasikumar Manickam commented Apr 07 '14, 7:17 p.m.

 I am still not able to get through this..

1- In WAS, what would be the value in User account repository under  global security?
2- Do we need to add user profiles at the application level? Jts.war, ccc.war etc.
3- Do we need to make any configuration change in WAS - Under Users and Groups -> Manage User and Manage groups?

All we want is ability to login to RTC with IBM i user IDs.


0
permanent link
Andreas Nicoladoni (19612523) | answered Apr 08 '14, 1:50 a.m.

Hi Saskiumar,

to 1 the value must be local system and realname ist the name of your i-series

to 2 you have to apply security roles for user and groups for each apllication.

to 3 there is no need to configure anything.

With this configuration you should be able to login to RTC with i-Series users if the i-Series have a groupprofile like JAZZUSER

I hope this help you to login to RTC with i-series User

 

Comments
Sasikumar Manickam commented Apr 08 '14, 3:56 a.m.

We are able to login using IBM i profile (PGMR)... but whenever we log-in using a regular this profile (JAZZUSER group profile), https://dev_ibmi:9443/ccm/admin shows "ADMIN" name on top right corner. The "view my profile license " shows as JazzAdmins, DWAdmin and Jazzuser.. but this regular user profile znd it should have only "jazzuser" authority, and it shouldn't allow to create jazz local users and other Admin functions.

(unable to upload screenshot..)

0
permanent link
Andreas Nicoladoni (19612523) | answered Apr 08 '14, 4:05 a.m.

Hallo,

I think there are configurations missing in global security.

Have you set the application security and administration security? I think these two must be set to resolve the problem

Comments
Sasikumar Manickam commented Apr 08 '14, 4:23 p.m.

please see below.. 
0
permanent link
Sasikumar Manickam (1035) | answered Apr 08 '14, 4:23 p.m.
edited Apr 08 '14, 6:24 p.m.
My setting i as below:
  •  Enable administrative security  - Checked
  •  Enable application security -Checked 
  • Java 2 security - unchecked
  • User account repository - Local operating system
    •   General Properties
    • Primary administrative user name : MYPROFILE
    • Automatically generated server identity selected
  • LTPA
  • Use realm-qualified user names -Checked
- Application security

Enterprise Applications > ccm.war > Security role to user/group mapping


Select Role Special subjects Mapped users Mapped groups
JazzAdmins None SMANI
JTSADMIN
JAZZADMINS
QPGMR
JazzDWAdmins None SMANI
JTSADMIN
JAZZDWADMS
QPGMR
JazzUsers None SMANI
JTSADMIN
SMANTEMP
JAZZUSERS
QPGMR
JazzGuests None SMANI
JTSADMIN
JAZZGUESTS
JazzProjectAdmins None SMANI
JTSADMIN
JAZZPJADMS
Similar for all other apps.
I need SMANTEMP profile as just user; not ADMIN. it belongs to QPGMR group

Appreciate your help..

0
permanent link
Andreas Nicoladoni (19612523) | answered Apr 09 '14, 2:17 a.m.

Hallo,

in our configuration we have no mapped users, we only configure mapped groups with JAZZ* user profiles like you have for jazzguests. On System-i the jazzusers is passed as group profile for each developer. Our developer profiles have userclass *PGMR.

Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.