Where does the user role data come from when running repotools -exportusers
Where does the user role data come from when running repotools -exportusers. When I run against a server that's running Tomcat, I don't see any user role data, but when I run against a server with LDAP enabled, the user role data is there.
|
One answer
|
The repotools -exportusers command runs queries against a running server to get contributor/user data. User role data isn't stored in the database on the Jazz Server. So, no role data is returned by the database query calls. In the server itself, requests for contributor roles are typically resolved by calling asking the application server if a user has a particular role. This is how CLM resolved permissions issues tied to user roles. The incoming request has a user, this user has a role. The repotools -exportusers command takes a more direct approach. The command queries directly against the LDAP system and asks what roles the user has. If there is no LDAP -- more generally no ExternalUserRegistry, -- registered then the command doesn't write out the user roles for the user. That's why the non-LDAP Tomcat case doesn't write out the user roles. In the Tomcat non-LDAP case, the roles are in the tomcat/tomcat-users.xml file, and this file isn't accessible by an ExternalUserRegistry. |
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.
Comments
Note that by "role", Glen is referring to what most of the on-line documentation and UI calls a "repository permission" or sometimes, "repository group permission", i.e. JazzUser, JazzGuests, JazzAdmins, and JazzProjectAdmins. There are some articles that call these permissions "roles" (such as https://jazz.net/library/article/75 ).