Permissions Error Deploying Process Definition
Hello -
I am receiving a permissions error when attempting to deploy process definitions from my user in Eclipse and via the web interface. The error message states that the "JazzAdmins" role is required to perform this action. When I view my user in the user editor in both the Eclipse and Web interfaces, I see the JazzAdmins box is checked. This box is also greyed out, as I am using LDAP groups to authenticate. Please advise. |
10 answers
To resolve the issue when using LDAP, your user need to be in the LDAP
group that you have mapped to the JazzAdmins role. RTC cannot modify the LDAP groups, so you'll need to modify the LDAP groups with whatever tool is available for your LDAP setup. Matt Lavin Jazz Server Team shelbyph wrote: Hello - |
My user is in the LDAP group that is mapped to the JazzAdmins role.
To resolve the issue when using LDAP, your user need to be in the LDAP |
The roles for a user displayed in Eclipse and Web UI are based on the information you provided in LDAP page in the setup wizard (https://setverName:9443/jazz/setup). But the authentication or authorization is from the information you provided while configuring the realm in the container (Tomcat / WebSphere).
Can you provide the following information: 1. Are you using Tomcat or WebSphere 2. Do you see any differences between the information present in server.xml and LDAP setup wizard (for e.g. group member attribute) ---- Balaji Jazz Server Team My user is in the LDAP group that is mapped to the JazzAdmins role. To resolve the issue when using LDAP, your user need to be in the LDAP |
|
Are you able to access https://{your server}:9443/jazz/admin or https://{your server}:9443/jazz/setup ?
Did you set roleSubtree=true and userSubTree=true in your server.xml ? For e.g : <Realm> ---- Balaji Jazz Server Team 1. tomcat. |
Looks like the example was not displayed correctly in my previous message..
Realm className="org.apache.catalina.realm.JNDIRealm" debug="9" connectionURL="ldap://ldapserver:389" userBase="ou=Jazz,o=ibm.com" userSearch="(mail={0})" roleBase="ou=people,o=ibm.com" roleSearch="(members={0})" roleName="cn" /> Are you able to access https://{your server}:9443/jazz/admin or https://{your server}:9443/jazz/setup ? 1. tomcat. |
Both of these values are set to "true"
I am able to access both the ADMIN and SETUP web interfaces. |
You are able to view the Admin and setup page. So, you have JazzAdmins role from both Jazz and WAS auth module perspectives. I am not sure why process editor is complaining that you need to have JazzAdmins role to perform the operation.
I will pass this message to the process team. --- Balaji Jazz Server Team Both of these values are set to "true" |
Reviewing this thread I cannot see why you are having a problem deploying
the process definitions. Can you please log a workitem (with screenshots to help with diagnosis) and we will investigate further. Thank you Darins Jazz Process Team "balajik" <balajik> wrote in message news:gdntmd$e7b$1@localhost.localdomain... You are able to view the Admin and setup page. So, you have JazzAdmins |
https://jazz.net/jazz/resource/itemName/com.ibm.team.workitem.WorkItem/63478
|
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.