ADMIN user does not have the admin rights
Well, here is a challenge for the experts.
I have installed CALM v3.0.2 as well as 4.0 M5a onto WAS v7 and DB2. I have done the proper configuration in WAS and created the required database resources with repotools.
In WAS admin console I have created the jazz groups for admins, DW admin, users and guests. I have created the users ADMIN and JazzAdmin and added them to the JazzAdmins group.
I have mapped the JTS application groups onto the groups defined in WAS.
Funny thing is that the admin application does not have the "Security role to user/group mapping" section in the cnfiguration page from the WAS console. Upon inspection of the admin.war file, in comparison to the jts.war file, it stands out that the admin application is missing everything security related from the deployment descriptor.
By the way, the same is valid for the rm.war and converter.war files for RRC, but this is a discussion for a different forum section.
Well, the bottom line is that when I try to access the JTS admin application and log on as ADMIn / ADMIN, I get the following error message :
"You are currently logged in to the Admin Web UI as a user without JazzAdmins permissions. Most of the functionality will be unavailable. If you believe you should have full access, please contact your administrator."
Oh, and another behaviour that I suspect is somwhow related to this matter is that when I open the JTS setup wizard, the page where I am supposed to specify the Public URI is missing the edit control for specifying the Public URI. So the setup process stops short.
Bottom line : How do I fix the bloody thing and have a working CALM deployment?
Thank you for any input.
Cheers,
Dan
I have installed CALM v3.0.2 as well as 4.0 M5a onto WAS v7 and DB2. I have done the proper configuration in WAS and created the required database resources with repotools.
In WAS admin console I have created the jazz groups for admins, DW admin, users and guests. I have created the users ADMIN and JazzAdmin and added them to the JazzAdmins group.
I have mapped the JTS application groups onto the groups defined in WAS.
Funny thing is that the admin application does not have the "Security role to user/group mapping" section in the cnfiguration page from the WAS console. Upon inspection of the admin.war file, in comparison to the jts.war file, it stands out that the admin application is missing everything security related from the deployment descriptor.
By the way, the same is valid for the rm.war and converter.war files for RRC, but this is a discussion for a different forum section.
Well, the bottom line is that when I try to access the JTS admin application and log on as ADMIn / ADMIN, I get the following error message :
"You are currently logged in to the Admin Web UI as a user without JazzAdmins permissions. Most of the functionality will be unavailable. If you believe you should have full access, please contact your administrator."
Oh, and another behaviour that I suspect is somwhow related to this matter is that when I open the JTS setup wizard, the page where I am supposed to specify the Public URI is missing the edit control for specifying the Public URI. So the setup process stops short.
Bottom line : How do I fix the bloody thing and have a working CALM deployment?
Thank you for any input.
Cheers,
Dan
2 answers
Dan,
admin and rm are delegating to JTS.
I would suggest to read the upgrade workshop https://jazz.net/library/article/662, because that goes in depth into deploying with LDAP and it has a troubleshooting guide where we collected all the mishaps and what to do.
We have seen that just checking one check box can cause issues.
in the setup page for LDAP there is a link to some more material that help you debugging if your settings are right. You could also use that. There are also log setting you could enable to track LDAP.
On the positive side, we know it works if your LDAP is not too exotic. On the negative side, I found these issues hard to debug. Also WAS sometimes needs to be pushed to really set and keep the settings.
admin and rm are delegating to JTS.
I would suggest to read the upgrade workshop https://jazz.net/library/article/662, because that goes in depth into deploying with LDAP and it has a troubleshooting guide where we collected all the mishaps and what to do.
We have seen that just checking one check box can cause issues.
in the setup page for LDAP there is a link to some more material that help you debugging if your settings are right. You could also use that. There are also log setting you could enable to track LDAP.
On the positive side, we know it works if your LDAP is not too exotic. On the negative side, I found these issues hard to debug. Also WAS sometimes needs to be pushed to really set and keep the settings.
Sorry, I just figured you seem to not use LDAP, however there are similarities. It looks like the user/group association is not working correctly. So I would review if the settings and associations are really set correctly. We also have seen JAZZHOME not being set or some of the security check boxes not being set as supposed to causing funny effects. Sometimes all looks good, but the user is not recognized as Admin or other issues come up.