It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Follow this question
Question details

×4,692
×4,288

question asked: Nov 17 '14, 6:06 a.m.
question was seen: 4,292 times
last updated: Jan 22 '18, 3:30 a.m.

Related questions

FAQ - How this Forum works

System users credentials

0
1
jean-claude vauthier (22634856) | asked Nov 17 '14, 6:06 a.m.
It looks like system-defined users (jts_user, ccm_users....)  password are stored in the DB when the users are created automatically.   

Furthermore these users are visible by any Jazz Project Administrator (in the user list) when adding a new member in a project.  

For a deployment into an organization with security constraints, is there a way to avoid that ?

Is there a way to have these users managed in the Active Directory and to avoid storing the password in the DB  ?  

Thanks.

2 answers

Most liked answers ↑|Newest answers|Oldest answers

0
permanent link
Donald Nong (14.5k414) | answered Nov 17 '14, 8:11 p.m.
I don't think these internal users have a password. CLM application will recognize these internal users and (I believe) no authentication is required.
Comments
Ralph Schoon commented Nov 18 '14, 2:02 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

I agree, in fact if you look into the tomcat-users.xml in my experimental environments, these users don't have an entry and thus are not maintained as external users.

jean-claude vauthier commented Nov 18 '14, 3:45 a.m.

In my environment I can log to the repository using the account ccm_user / ccm_user.  This user is part of the list of users and he can be added in the project. 

 Very strange.  Maybe an error during the setup....

Do you confirm that these users are visible in the list of users ?
Do you confirm that it is possible to add these internal users in the project area ?
Do you confirm that it is possible to log to the JTS using the credentials of these users ?

Thanks a lot

            Jean-Claude

Ralph Schoon commented Nov 18 '14, 4:29 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

I have these users in the user list. The users are NOT backed up with a password in Tomcat. The users, if opened in the user editor show this:

The user roles could not be retrieved: An error response was received from the Jazz Team Server. Status=400. Message: CRJAZ1231E The following user could not be found in the external user directory: "etl_user"ID CRJAZ1527E

I can not log in with the users (don't have the password - I tried the obvious one) this is consistent with the user not showing up in the tomcat-users.xml file.

I run 5.x on Tomcat and Derby and I ran a quick setup. Maybe in a different setup this is different. I can only tell you what I see.

There are other users e.g. for reporting that you have to provide a dedicated user ID and password. I assume they have to be in LDAP and need to be maintained. I know this has come up with other customers.

Ralph Schoon commented Nov 18 '14, 4:32 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

And, yes, they are normal users that can be added to project areas and the like. And I don't think there is a way to avoid that.

jean-claude vauthier commented Nov 18 '14, 4:51 a.m.

Just assign a repository permission to ccm_user and you can connect to the jazz repository with ccm_user / ccm_user.  It looks like it is not very safe.

Ralph Schoon commented Nov 18 '14, 5:00 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
  1. Why would I do that
  2. It still does not work - my user is claimed to be unrecognizable
  3. If I would add the user to LDAP/tomcat_users.xml I could probably use that account and also change the password.
Donald Nong commented Nov 18 '14, 6:08 p.m.

I observe the same behavior in my own environment as Ralph does.

showing 5 of 7 show 2 more comments
0
permanent link
Albert Yao (5411322) | answered Jan 22 '18, 3:30 a.m.

Frankly, it is very stupid to show the internal user account to the end users or administrators of CLM.

It is confusing and misleading.
I wonder if the administrator of CLM archives the internal user account jts_user or ccm_user for misoperation,
could the CLM still works properly?

Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.