It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Guidelines | FAQ
Follow this question
Question details

×4,712
×4,321

question asked: Oct 21 '15, 5:22 a.m.
question was seen: 2,178 times
last updated: Nov 01 '15, 7:43 p.m.

Related questions

How can I create a new Jazz Repository Group

0
Erwin Kunz (94687086) | asked Oct 21 '15, 5:22 a.m.
CLM 6.0

We have extended Jazz with several applications, and would like to manage access rights separately from the existing Jazz Repository Groups (JazzGuest, JazzAdmin, JazzUsers,...)

Is that possible? If yes how?

Thank you
erwin
Comments
Donald Nong commented Oct 22 '15, 6:03 a.m.

You should be more specific. These groups are for "repository", not "projects". What access rights do you have in mind? See table 2 in the below document for more details.
https://jazz.net/help-dev/clm/topic/com.ibm.jazz.platform.doc/topics/c_understanding_user_access_control.html

Erwin Kunz commented Oct 26 '15, 6:34 a.m.

Hi Donald

I need repository groups. It's global not PA specific
I'll  try as Isabel proposed

Thanks
erwin

2 answers

Most liked answers ↑|Newest answers|Oldest answers

1
permanent link
Donald Nong (14.5k614) | answered Oct 30 '15, 6:15 a.m.
Still not quite sure why you need additional groups since the applications will not recognize it any way. You can try the following and see if it works for you.
1. Unpack the <app>.war file to a temporary folder.
2. Locate the file web.xml.
3. Modify the file and add a new <security-role>. Something like
    <security-role>
        <role-name>JazzTesters</role-name>
    </security-role>
4. Zip up the updated content as a new <app>.war file.
5. Re-deploy the <app>.war file to the application server.

If you're using WebSphere, you will see the new security role for mapping. But the URI /<app>/authenticated/identity does not seem to return the new role at all (probably hard coded filtering).
Comments
Ralph Schoon commented Oct 30 '15, 6:39 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

The behavior of the groups is implemented in the applications and as you said Donald, you might be able to add some, but there would be no behavior tied to them. From a Jazz Application standpoint they would be meaningless.

sam detweiler commented Oct 30 '15, 7:28 a.m.

But HE has other code that would give them meaning. (I think)

Erwin Kunz commented Oct 30 '15, 9:47 a.m.

Hi Donald
Thank you for the new input. I'll try it asap. I'm sure that is what I need

Sam is correct. We use Insight for reporting. logon/access control is integrated over oauth and JTS .

Up to now we managed the access over the JazzDWAdmin which allowed to protect resources within Insight. This group is gone with 6.0 because RRDI is not used anymore.

We'd like to manage the Insight access (logon and resource access) with help of LDAP groups mapped to a Jazz Repository Group in JTS and accessed from Insight. We don’t want to have a separate logon in Insight and managing Cognos groups in Insight Portal.

Erwin Kunz commented Oct 30 '15, 9:47 a.m. | edited Oct 30 '15, 9:48 a.m.


Donald Nong commented Nov 01 '15, 7:43 p.m.

Umh... you see the consensus is that if you rely on the Jazz application API, the new group would be meaningless, or even unrecognizable (based on my testing). I was going to suggest you use the JazzDebug group instead, but the /<app>/authenticated/identity API does not return this group either, which is quite strange.

0
permanent link
Isabel Murakami (3811615) | answered Oct 21 '15, 2:50 p.m.
Hello Erwin,

If you mean use more groups, you can configure more than one group using ; between them.
For instance: JazzAdmins=LDAPAdmins1;LDAPAdmins2 maps JazzAdmins group to LDAPAdmins1 and LDAPAdmins2

However keep in mind that they should be at the same Base Group search.
http://www-01.ibm.com/support/knowledgecenter/SSYMRC_6.0.0/com.ibm.jazz.install.doc/topics/r_ldap_config_param.html

But
If you mean to use different LDAP Servers, than you should use Websphere Federated configuration:
https://jazz.net/library/article/97
https://jazz.net/library/article/604 (caveats when using Federated)

Regards,
Isabel
Comments
sam detweiler commented Oct 21 '15, 3:46 p.m.

I think he wants to make MORE groups than Jazz Knows about, but still be able to use the UI to manage permissions..

Erwin Kunz commented Oct 26 '15, 6:31 a.m.

Hi Isabel, Sam

I mean more groups. With 6.0 the JazzDWAdmin is gone an we used this one so far

I'll try to implement the solution you proposed on our test server an will let you know

Thank you so far
erwin


Erwin Kunz commented Oct 29 '15, 6:28 a.m.

Hi Isabel
I did not test your proposal because it's not what i want.

I need an new group in addition to the existing JazzAdmins, <label for="JazzGuestsCheckBox"> JazzGuests </label> , <label for="JazzUsersCheckBox"> JazzUsers </label> , <label for="JazzProjectAdminsCheckBox"> JazzProjectAdmins </label>

Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.