Skip to main content

Software  >  WebSphere  >  WebSphere Portal Family  >  

Configuring both nsRole and static group membership is not supported for determining access control in WebSphere Portal

 Technote (troubleshooting)
 
Problem(Abstract)
Certain users are not seeing the expected access rights to resources in WebSphere Portal based on their static group membership.
 
Cause
If a user belongs to a group that has nsRole defined, then the user's static group membership is not found. When WebSphere Portal's member management component, Virtual Member Manager (VMM), finds nsRole defined, VMM stops searching for any other group membership. Thus, the static group membership is not looked up for those users, and therefore the users may not have access to certain resources in WebSphere Portal which include the users' static groups as members in a role.
 
Environment

-WebSphere Portal 6.1.x.x
-SunOne LDAP user registry
 
Resolving the problem

When VMM is configured to use nsRole for group membership information, such as

<config:membershipAttribute name="nsRole" scope="direct"/>

then the static group membership of a user will not be looked up. This is working as designed. VMM Development has no plans at the moment to change this in future releases.

Thus, if "nsRole" is configured for WebSphere Portal groups, static groups should not be configured (do not add additional lines in wimconfig.xml for "membershipAttribute" using a static object class and member attribute). Otherwise, unexpected behavior may occur when determining access control based on group membership.

 
 
 

Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Rate this page
Please take a moment to complete this form to help us better serve you.
This material provides me with the information I need.




This material is clear and easy to understand.




Did the information help you to achieve your goal?
What updates, improvements, or related information would you like to see in this document?
Your response will be used to improve our document content. Requests for assistance, if applicable, should be submitted through your normal support channel as we cannot respond from this site.
Input the verification number to submit feedback:
Document information
 Product categories:
 Software
 Organizational Productivity, Portals & Collaboration
 Portals
 WebSphere Portal
 Security
 Operating system(s):
  AIX, HP-UX, Linux, Solaris, Windows
 Software version:
  6.1
 Software edition:
  Enable, Express, Extend, Server
 Reference #:
  1383621
 IBM Group:
 Software Group
 Modified date:
 2009-11-02

Translate My Page
 
 

Rate this page

Help us improve this page. Your response will be used to improve our document content. Requests for assistance, if applicable, should be submitted through your normal support channel as we cannot respond from this site.