Creating roles

Roles provide a way to govern the functions users can access. They are configured in the web.xml and userRoles.properties files within the RDMClientEAR. The acl.properties file authorizes each role for functions within InfoSphere® MDM Reference Data Management Hub.

About this task

The default roles that are preinstalled with InfoSphere MDM Reference Data Management Hub are:
  • Steward: access to sets and mappings
  • Approver: access to sets and mappings
  • Approver 2: access to sets and mappings
  • Integrator: access to sets and managed systems
  • Administrator: access to managed systems and data types
  • Custom: access to the custom page
OPTIONAL: Follow this procedure to create additional roles as needed.

Procedure

  1. In the administrative console, stop the RDMClientEAR application if it exists.
  2. Undeploy the InfoSphere MDM Reference Data Management Hub application if it exists.
  3. Create a group, if needed.
    1. Browse to Users and Groups > Manage Groups.
    2. In the Manage Groups section, click Create.
    3. On the Create a Group page, add the new group.
    4. Click Create.
  4. Create a user, if needed.
    1. Expand the Users and Groups menu and select Manage Users.
    2. On the Manage Users screen, click Create.
    3. In the Create a User page, type a User ID.
    4. Click Group Membership and add the group or groups to which you want each user to belong.
    5. Provide a password for the user.
  5. Open the RDMClientEAR.ear/META-INF/application.xml file in a plain text editor to add the security-role.
    Image depicting a security role that is called Tequilero that was added to the application.xml file.
  6. Open the RDMClientEAR.ear/META-INF/ibm-application-bnd.xml file in a plain text editor to add the role mapping.
    Image depicting a security role that is called Tequilero that was mapped to the group RDMRole_Tequileros in the ibm-application-bnd.xml file.
  7. Open the RDMClientEAR.ear/RDMClientWeb.war/WEB-INF/web.xml file in a plain text or XML editor to add security constraints for the role.
    Image depicting a role name that is called Tequilero that was added to the auth-constraint section of the web.xml file.
  8. Open the RDMClientEAR.ear/RDMClientWeb.war/WEB-INF/web.xml file in a plain text or XML editor to add the role.
    Image depicting a security role that is called Tequilero that was added to the web.xml file.
  9. Open the RDMClientEAR.ear/RestAPI.war/WEB-INF/web.xml file in a plain text or XML editor to add the role.
    Image depicting a security role that is called Tequilero that was added to the web.xml file within the RestAPI war container.
    Note: It is not necessary to add the security constraint to the RestAPI.war/WEB-INF/web.xml file as you did in the RDMClientWeb.war/WEB-INF/web.xml file.
  10. Open the RDMClientEAR/RestAPI.war/WEB-INF/classes/acl.properties file in a plain text editor.
  11. For each new role, add a line to the Role = State:Action section by using the format: Role = State:Action. Multiple state:action pairs are separated by a comma. States are defined in the table CDRDSTATETP while actions are listed in CDRDACTIONTP.
    Image depicting the states and actions for a role that is called Tequilero that was added to the acl.properties file.
  12. Open the RDMClientEAR/RestAPI.war/WEB-INF/classes/userRoles.properties file in a plain text editor to add the new role to the end of the UserRoles = line, separated from the previous role by a comma.

    The role names that you provide here are displayed in the user interface exactly as you type them.

  13. Add a line that uses the format role_name = function_name.
    Image depicting the user role that is called Tequilero with access to the sets tab that was added to the userRoles.properties file.
  14. Save all edited files within the RDMClientEAR.ear file.
  15. Redeploy the InfoSphere MDM Reference Data Management Hub application in the administrative console by choosing Applications > New Application > New Enterprise Applications > FastPath > Accept default setup.
  16. On the WebSphere Enterprise Applications page, select the file RDMClientEAR.ear and click Start to restart the application.
  17. Clear the browser cache before attempting to log in with the new user name and role.
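
A role that is added to only some of these files is an easy mistake to make, so the following added example (not IBM code) checks one role across the files edited in steps 7, 8, 11, 12 and 13 before the EAR is redeployed. The file contents, the state, action and function names, and the simplified properties reader are assumptions made for illustration; application.xml, ibm-application-bnd.xml and the RestAPI web.xml are not covered.

```python
import xml.etree.ElementTree as ET

def xml_roles(xml_text):
    """Role names per parent element: security-role and auth-constraint."""
    found = {"security-role": set(), "auth-constraint": set()}
    for parent in ET.fromstring(xml_text).iter():
        kind = parent.tag.rsplit("}", 1)[-1]          # drop any XML namespace
        if kind in found:
            for child in parent:
                if child.tag.rsplit("}", 1)[-1] == "role-name" and child.text:
                    found[kind].add(child.text.strip())
    return found

def parse_props(text):
    """Simplified key = value reader (assumption: no escapes or continuations)."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith(("#", "!")))
    return {k.strip(): v.strip() for k, v in pairs}

def check_role(role, web_xml, acl_text, user_roles_text):
    """Return a list of gaps for `role` across steps 7, 8, 11, 12 and 13."""
    problems = []
    roles = xml_roles(web_xml)
    if role not in roles["auth-constraint"]:
        problems.append("web.xml: role missing from auth-constraint")
    if role not in roles["security-role"]:
        problems.append("web.xml: security-role not declared")
    entries = [p.strip() for p in parse_props(acl_text).get(role, "").split(",")]
    for entry in entries:
        state, sep, action = (s.strip() for s in entry.partition(":"))
        if not (state and sep and action) or ":" in action:
            problems.append(f"acl.properties: bad State:Action entry {entry!r}")
    users = parse_props(user_roles_text)
    if role not in [r.strip() for r in users.get("UserRoles", "").split(",")]:
        problems.append("userRoles.properties: role not in UserRoles list")
    if not users.get(role):
        problems.append("userRoles.properties: no role_name = function_name line")
    return problems

# Constructed sample content; state, action and function names are placeholders.
WEB_XML = """<web-app><security-constraint>
  <auth-constraint><role-name>Steward</role-name><role-name>Tequilero</role-name></auth-constraint>
</security-constraint>
<security-role><role-name>Steward</role-name></security-role>
<security-role><role-name>Tequilero</role-name></security-role></web-app>"""
ACL = "Tequilero = STATE_A:ACTION_X, STATE_B:ACTION_Y"
USER_ROLES = "UserRoles = Steward, Tequilero\nTequilero = FUNCTION_A"
if __name__ == "__main__":
    print(check_role("Tequilero", WEB_XML, ACL, USER_ROLES) or "role is consistent")
```

An empty list means the role appears in every place the check covers; each string in a non-empty list names the file and the missing or malformed entry.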


Last updated: 22 Mar 2017