Where does the user role data come from when running repotools -exportusers
One answer
The repotools -exportusers command runs queries against a running server to get contributor/user data. User role data isn't stored in the database on the Jazz Server. So, no role data is returned by the database query calls.
In the server itself, requests for contributor roles are typically resolved by calling asking the application server if a user has a particular role. This is how CLM resolved permissions issues tied to user roles. The incoming request has a user, this user has a role.
The repotools -exportusers command takes a more direct approach. The command queries directly against the LDAP system and asks what roles the user has. If there is no LDAP -- more generally no ExternalUserRegistry, -- registered then the command doesn't write out the user roles for the user. That's why the non-LDAP Tomcat case doesn't write out the user roles.
In the Tomcat non-LDAP case, the roles are in the tomcat/tomcat-users.xml file, and this file isn't accessible by an ExternalUserRegistry.
Comments
Geoffrey Clemm
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER May 31 '15, 10:29 p.m.Note that by "role", Glen is referring to what most of the on-line documentation and UI calls a "repository permission" or sometimes, "repository group permission", i.e. JazzUser, JazzGuests, JazzAdmins, and JazzProjectAdmins. There are some articles that call these permissions "roles" (such as https://jazz.net/library/article/75 ).
1 vote