It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Guidelines | FAQ
Follow this question
Question details

×4,712
×4,320

question asked: Dec 29 '12, 9:41 p.m.
question was seen: 5,040 times
last updated: Jan 02 '13, 3:11 p.m.

Related questions

Inconsistent repository permission information inside CLM for a user defined in WAS (non-LDAP)

0
Frank Ning (50025119133) | asked Dec 29 '12, 9:41 p.m.

The Non-LDAP registry with WAS App Server (8.0.3) was used to configure the CLM V4.0.1 with Derby database on Windows. The five Jazz groups were created within WAS and mapped to the CCM, JTS and QM modules. A user was created with WAS under the JazzUsers group and the corresponding user was created within Jazz server. The user was added to some project areas as a project team member. However, the “Repository Permissions” within CLM is inconsistent as described below.

1) Login jts/admin and open the “Active Users”. Click the above mentioned user and view “Repository Permissions”. No group is selected for the user.

 

2)      Login a project area (e.g. ccm/web and select the project) with the above mentioned user. Then view “View My Profile and Licenses”. Now the group for the user is selected under “Repository Permissions” as shown below.  


  
  
So the Jazz knows how to get the group information for the non-ldap user and does show it in some condition. However, I really expect the same information is also shown under jts/admin à active users à user details (click on the user). This is helpful to manage users as a Jazz administrator.  

Do you think this is a defect so that I can open a PMR to have the defect opened and fixed?   

Thanks and Regards  

Frank

2 answers

Most liked answers ↑|Newest answers|Oldest answers

0
permanent link
Ralph Schoon (63.6k33646) | answered Jan 02 '13, 10:59 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Frank,

have you deployed the JTS and CCM on the same or on two different servers (WAS)?

If you have, I would assume that you would have to configure the users and roles on both WAS or use some network deployment tricks to make sure both have the same information. Unlike with Tomcat authentication Jazz can not write to the WAS local realm, therefore you have to manage the data consistently. I would only use LDAP with WAS, because then, there would be only one place to manage the users.

PS: Derby should only be used for test deployments, not for production.
0
permanent link
Karl Weinert (2.0k52736) | answered Jan 02 '13, 2:58 p.m.
JAZZ DEVELOPER
Frank,

That is expected when you are using the file based authentication with WAS

Note the comment in https://jazz.net/library/article/97
If you are just testing, however, you can also configure a file based realm for application security. This realm will then be used for authentication and authorization, but Jazz will not be able to query what roles a user has or import users.


Comments
1
Bo Chulindra commented Jan 02 '13, 3:11 p.m.
JAZZ DEVELOPER

This behavior is also mentioned in Repository permissions for a user in web UI is not always accurate (231533).

Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.