default settings for Jazz users created by the CQ connectors


Chris Ratcliffe (2633330) | asked Jun 18 '09, 3:36 p.m.
Is there a way to tweak the code within the CQ Connector so that when it creates new Jazz userids, they:

a) Have all email settings disabled, and
b) Are created such that the user can't log in

Note: Our Jazz user base is LDAP authenticated.

I saw a note in the Jazz User admin tool, that said:

A user that has not been assigned a Client Access License has read-only access to all capabilities.

Is it possible to disallow logins to users without licenses?

Thanks,
Chris

3 answers



John Vasta (2.6k15) | answered Jun 19 '09, 9:30 a.m.
FORUM MODERATOR / JAZZ DEVELOPER
When the CQ Connector needs to represent the identity of a CQ user in Jazz, it creates a 'Contributor' item to represent the user in Jazz. That does not enable login for the user, since no corresponding entry is created in whatever authentication system you're using (e.g. LDAP). It only allows the user's name, etc., to be displayed when some property of a work item references that user (e.g. Owned By). No license is assigned to such users.

There is no way to control the email settings for a Jazz user identity that is created via synchronization.

Chris Ratcliffe (2633330) | answered Jun 19 '09, 11:50 a.m.
That doesn't seem to be what happened in our environment. In my user synchronization rule, I created a mapping that mapped ClearQuest user (login_name) martinea to Jazz user id martineau@ca.ibm.com. That user id didn't exist on the Jazz server at that point. I then created a defect as that user in my ClearQuest database. When the connector process ran, it synced the record, and created the Jazz user. I then asked the user to attempt to access the work item via the URL included in the email that was sent to him from RTC when the connector created the work item. As I mentioned, our user database is LDAP enabled, so he logged in with his IBM Intranet ID (LDAP id) martineau@ca.ibm.com and his Intranet PW, and it allowed him to log in and see the work item. This was unexpected for me because his id has no permissions and no license, but based on that note that I saw in the user admin tool, it looks like IDs created without licenses or perms can still log in.

I just realized though, that I think I can update the Access Control section of the Project Area and select only "Members of the project area hierarchy". This is a bit more restrictive than I want, because I really want to allow any licensed user who also has general Repository Permissions to be able to view the data, and then rely on my internal Project Area roles to determine write access.

John Vasta (2.6k15) | answered Jun 19 '09, 5:32 p.m.
FORUM MODERATOR / JAZZ DEVELOPER
If the user already exists in the LDAP repository that you are using for Jazz login authentication, then they'll be able to log in. The connector doesn't add the user to LDAP, but if your configuration already allows login access for that user, then the connector won't take it away.
