System users credentials
It looks like the passwords of system-defined users (jts_user, ccm_users, ...) are stored in the DB when the users are created automatically.
Furthermore, these users are visible to any Jazz Project Administrator (in the user list) when adding a new member to a project. For a deployment into an organization with security constraints, is there a way to avoid that? Is there a way to have these users managed in the Active Directory and to avoid storing the password in the DB? Thanks.
2 answers
I don't think these internal users have a password. The CLM application will recognize these internal users and (I believe) no authentication is required.
Comments
I agree; in fact, if you look into the tomcat-users.xml in my experimental environments, these users don't have an entry and thus are not maintained as external users.
jean-claude vauthier
commented Nov 18 '14, 3:45 a.m.
In my environment I can log in to the repository using the account ccm_user / ccm_user. This user is part of the list of users and he can be added to the project.
I have these users in the user list. The users are NOT backed up with a password in Tomcat. The users, if opened in the user editor, show this:

The user roles could not be retrieved: An error response was received from the Jazz Team Server. Status=400. Message: CRJAZ1231E The following user could not be found in the external user directory: "etl_user"ID CRJAZ1527E

I cannot log in with the users (I don't have the password; I tried the obvious one). This is consistent with the user not showing up in the tomcat-users.xml file. I run 5.x on Tomcat and Derby and I ran a quick setup. Maybe in a different setup this is different. I can only tell you what I see.

There are other users, e.g. for reporting, for which you have to provide a dedicated user ID and password. I assume they have to be in LDAP and need to be maintained. I know this has come up with other customers. And, yes, they are normal users that can be added to project areas and the like. And I don't think there is a way to avoid that.
jean-claude vauthier
commented Nov 18 '14, 4:51 a.m.
Just assign a repository permission to ccm_user and you can connect to the jazz repository with ccm_user / ccm_user. It looks like it is not very safe.
Donald Nong
commented Nov 18 '14, 6:08 p.m.
I observe the same behavior in my own environment as Ralph does.
|
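A defensive check for the situation discussed in the comments above, as an added example that is not part of the original thread or of the product: it parses a tomcat-users.xml and reports internal accounts that have a local entry, plus any account whose plaintext password equals its user name. The sample file, the function name `audit_tomcat_users` and the account list are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Internal account names mentioned in this thread (assumed list, not exhaustive).
INTERNAL_USERS = {"jts_user", "ccm_user", "etl_user"}

# Constructed sample of a tomcat-users.xml, not taken from a real deployment.
SAMPLE = """<tomcat-users>
  <role rolename="JazzAdmins"/>
  <role rolename="JazzUsers"/>
  <user username="ADMIN" password="s3cret-constructed" roles="JazzAdmins"/>
  <user username="ccm_user" password="ccm_user" roles="JazzUsers"/>
  <user username="alice" password="alice" roles="JazzUsers"/>
</tomcat-users>
"""


def local_name(tag):
    """Strip an XML namespace, since newer Tomcat files declare xmlns on the root."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text, internal=INTERNAL_USERS):
    """Return (username, issue) tuples in file order.

    Only plaintext passwords can be compared; digested entries are not
    detected by the password-equals-username check.
    """
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if local_name(elem.tag) != "user":
            continue
        # Tomcat accepts either "username" or the older "name" attribute.
        name = elem.get("username") or elem.get("name") or ""
        password = elem.get("password") or ""
        if name in internal:
            findings.append((name, "internal-account-has-local-entry"))
        if name and password == name:
            findings.append((name, "password-equals-username"))
    return findings


if __name__ == "__main__":
    for user, issue in audit_tomcat_users(SAMPLE):
        print(f"{user}: {issue}")
```

An empty result for the internal accounts matches the setup described above where those users have no entry in tomcat-users.xml; it says nothing about accounts held in LDAP or in the repository database.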
Frankly, it is very stupid to show the internal user accounts to the end users or administrators of CLM.
It is confusing and misleading.
I wonder, if the administrator of CLM archives the internal user account jts_user or ccm_user through misoperation,
could CLM still work properly?
|