It's all about the answers!

Ask a question

CRJAZ1394E The "{0}" user ID cannot connect to the repository

Albert Chirighin (1666) | asked Apr 30 '14, 9:15 a.m.
retagged Jun 27 '14, 11:49 a.m. by Dejan Custic (2855)
Hi All,
Some of the users on my project are getting this error:
The " {0} " user ID cannot connect to the repository because it is not assigned to a repository group that has permissions to access the repository.

They all have Process Roles.  I've noticed that they do not have any Repository Permissions checked, but I also have users who do not get the error and also do not have any Repository Permissions checked.

Thank You in advance for any help!

Albert Chirighin commented May 02 '14, 3:52 p.m.

Hi All,
Thank you for the responses.  At this point, I've had to hand the issue over to our Jazz Admins as it seems I like the permissions to affect change in a positive manner myself.  I'll update this post with what the end resolution is for posterity and for others.

Jin Zhou commented Jun 11 '14, 3:48 a.m.


We are facing the same isue now. It would be great if you can share your final solution here.


Albert Chirighin commented Jun 26 '14, 3:34 p.m.

Hi Jin, turned out for us that the only thing we could do is remove the users and add them back in.  It did fix the issue, but we don't know the root cause.  We speculate that something changed in those user ids, like their email address, that caused them to not be able to log in.

I hope this helps!

3 answers

permanent link
Philippe Chevalier (56114) | answered Apr 30 '14, 11:01 a.m.
edited Apr 30 '14, 11:04 a.m.
To be clear,  You have a user without a group assigned and they are still able to log into the applications? 

Your user must have at least one of the jazz groups,  the JAzzUsers group is a minimum requirement ...
Reposotory Permision  
Did you map the groups to all war file, meaning jts, ccm and qm?

If you using WebSphere Application server:

Deploying applications for the Rational solution for Collaborative Lifecycle Management on WebSphere Application Server

Relevant section:
  • Map security roles to a user or repository group:
    1. Go to Applications > Application Types > WebSphere enterprise applications.
    2. Click the jts_war application, and open it for editing.
    3. In the Detail properties section, click Security role to user/group mapping.
    4. Select a specific repository group, such as JazzAdmins or JazzUsers, and click Map groups.

      These repository groups are associated with every Jazz™ implementation and must be mapped to a particular group that contains the authorized users. If you are using LDAP, these groups must be set up on the LDAP server prior to completing this mapping. If you are mapping these repository groups to individual users, select the repository group and click Map Users.

    5. Enter a search string to return your group names from the LDAP server. Click Search to run the query.
    6. From the list of available groups that is returned, select the particular group and move it to the Selected column.
    7. Click OK to map the LDAP groups to the Jazz repository groups.
    8. Map the appropriate LDAP group for all Jazz repository groups:
      • JazzAdmins
      • JazzProjectAdmins
      • JazzDWAdmins
      • JazzUsers
      • JazzGuests
      Note: Do not enable the All authenticated? option.
    9. Save the changes.
    Note: If in the future there will be changes to the LDAP configuration level, you must remap the security roles to the user or repository group for JTS and other installed applications.

  • If you using tomcat:  Review the following 

    Manually configuring the Apache Tomcat web container to use LDAP

    permanent link
    Christopher Fleischer (7125) | answered Apr 30 '14, 11:18 a.m.
     Hi Albert,

    Any user accessing a project area will require at least the Jazzuser repository permission, I'm not sure how users that don't are able to get in, but you should confirm that they don't have a repository permission.

    If you are using LDAP repository, permissions are governed by your LDAP structure and how the users are mapped to each group. More information here on that:

    Step 9 in

    If you are using Tomcat registry you can simply check off a Jazzusers repository permission and save the user within jts/admin

    Hope this helps.

    permanent link
    Mathieu Defianas (15952838) | answered Nov 06 '15, 6:19 a.m.
    I have had the same error after a deployment of a patch.

    Firstly, when your LDAP groups are specific to your enterprise, and they aren't JazzUsers, JazzAdmins ... etc ... , you must declare it on the file tomcat/webapps/<<apps>>/WEB-INF/web.xml.

    Then, when you apply a patch, you must delete the folders tomcat/webapps/<<apps>> and deploy it again with new patched war files.
    But when the war are deployed, the specific LDAP configuration is not set again on the files WEB-INF/web.xml ...
    You must write again the entire LDAP configuration on these files web.xml.


    Donald Nong commented Nov 08 '15, 9:58 p.m.

    What exactly did you change in the web.xml file? You may also consider using the method in the below article.

    Mathieu Defianas commented Nov 09 '15, 1:58 a.m.

    You should consult and follow the part "Changes in web.xml to support Jazz-LDAP group mapping" when you apply a patch.
    This information is not mentionned in the ReadMe.txt on the patch


    Your answer

    Register or to post your answer.

    Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.