CRJAZ1394E The "{0}" user ID cannot connect to the repository
Hi All,
Some of the users on my project are getting this error:
Some of the users on my project are getting this error:
CRJAZ1394E
The "
{0}
" user ID cannot connect to the repository because it is not assigned to a repository group that has permissions to access the repository.
They all have Process Roles. I've noticed that they do not have any Repository Permissions checked, but I also have users who do not get the error and also do not have any Repository Permissions checked.
Thank You in advance for any help!
They all have Process Roles. I've noticed that they do not have any Repository Permissions checked, but I also have users who do not get the error and also do not have any Repository Permissions checked.
Thank You in advance for any help!
3 answers
To be clear, You have a user without a group assigned and they are still able to log into the applications?
Map security roles to a user or repository group:
Your user must have at least one of the jazz groups, the JAzzUsers group is a minimum requirement ...
Did you map the groups to all war file, meaning jts, ccm and qm?
If you using WebSphere Application server:
Deploying applications for the Rational solution for Collaborative Lifecycle Management on WebSphere Application Server
http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m6/topic/com.ibm.jazz.install.doc/topics/t_deploy_was.html?resultof=%22%6d%61%70%70%69%6e%67%22%20%22%6d%61%70%22%20%22%67%72%6f%75%70%73%22%20%22%67%72%6f%75%70%22%20
Relevant section:
Note: If in the future there will be changes to the LDAP configuration level, you must remap the security roles to the user or repository group for JTS and other installed applications.
If you using tomcat: Review the following
Manually configuring the Apache Tomcat web container to use LDAP
http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m6/topic/com.ibm.jazz.install.doc/topics/t_manually_config_tomcat_ldap.html?resultof=%22%6d%61%70%70%69%6e%67%22%20%22%6d%61%70%22%20%22%67%72%6f%75%70%73%22%20%22%67%72%6f%75%70%22%20%22%74%6f%6d%63%61%74%22%20
Hi Albert,
Any user accessing a project area will require at least the Jazzuser repository permission, I'm not sure how users that don't are able to get in, but you should confirm that they don't have a repository permission.
If you are using LDAP repository, permissions are governed by your LDAP structure and how the users are mapped to each group. More information here on that:
Step 9 in http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m6/topic/com.ibm.jazz.install.doc/topics/t_deploy_was.html
If you are using Tomcat registry you can simply check off a Jazzusers repository permission and save the user within jts/admin
Hope this helps.
Hello,
I have had the same error after a deployment of a patch.
Firstly, when your LDAP groups are specific to your enterprise, and they aren't JazzUsers, JazzAdmins ... etc ... , you must declare it on the file tomcat/webapps/<<apps>>/WEB-INF/web.xml.
Then, when you apply a patch, you must delete the folders tomcat/webapps/<<apps>> and deploy it again with new patched war files.
But when the war are deployed, the specific LDAP configuration is not set again on the files WEB-INF/web.xml ...
You must write again the entire LDAP configuration on these files web.xml.
Mathieu
I have had the same error after a deployment of a patch.
Firstly, when your LDAP groups are specific to your enterprise, and they aren't JazzUsers, JazzAdmins ... etc ... , you must declare it on the file tomcat/webapps/<<apps>>/WEB-INF/web.xml.
Then, when you apply a patch, you must delete the folders tomcat/webapps/<<apps>> and deploy it again with new patched war files.
But when the war are deployed, the specific LDAP configuration is not set again on the files WEB-INF/web.xml ...
You must write again the entire LDAP configuration on these files web.xml.
Mathieu
Comments
What exactly did you change in the web.xml file? You may also consider using the method in the below article.
https://jazz.net/library/article/457
You should consult https://jazz.net/library/article/92 and follow the part "Changes in web.xml to support Jazz-LDAP group mapping" when you apply a patch.
This information is not mentionned in the ReadMe.txt on the patch
Mathieu
Comments
Albert Chirighin
May 02 '14, 3:52 p.m.Hi All,
Thank you for the responses. At this point, I've had to hand the issue over to our Jazz Admins as it seems I like the permissions to affect change in a positive manner myself. I'll update this post with what the end resolution is for posterity and for others.
Jin Zhou
Jun 11 '14, 3:48 a.m.Hi.
We are facing the same isue now. It would be great if you can share your final solution here.
Thanks.
Albert Chirighin
Jun 26 '14, 3:34 p.m.Hi Jin, turned out for us that the only thing we could do is remove the users and add them back in. It did fix the issue, but we don't know the root cause. We speculate that something changed in those user ids, like their email address, that caused them to not be able to log in.
I hope this helps!