Configuring users for the Remote services application on Apache Tomcat

Configure the users for the remote services on an Apache Tomcat server by using these steps.

Before you begin

You must install Apache Tomcat, Rational® Publishing Engine, and the Remote services application, and then deploy it before you can configure the users and the Java™ options.

About this task

For more information about how user names and passwords are stored, see Security considerations for IBM® Rational Publishing Engine.

Table 1. Remote services user roles
Role Capabilities
Document generation user (rpe_docgen_user)
  • Can generate documents remotely or locally from the client applications
  • Can view output files and logs about their local document generation jobs
Document generation administrator (rpe_docgen_admin)
  • Can generate documents remotely or locally from the client applications
  • When used with the rpe_monitor_admin and either the rpe_scheduler_user or rpe_scheduler_admin role, can view output files and logs from the document generation jobs initiated by any user
Central Management component user (rpe_library_user)
  • Can use public assets to design templates
  • Can view public assets from the Document Studio application
Central Management component contributor (rpe_library_contributor)
  • Can use assets to design templates
  • Can view assets from the Document Studio application or the Central Management component administrative user interface
  • Can create assets from the Document Studio application or the Central Management component administrative user interface
  • Can modify their existing assets from the Document Studio application or the Central Management component administrative user interface
  • Can remove their existing assets from the Central Management component administrative user interface
Central Management component administrator (rpe_library_admin)
  • Can use assets that are created by any user
  • Can view assets that are created by any user from the Central Management component administrative user interface
  • Can create assets in Document Studio application or the Central Management component administrative user interface
  • Can modify existing assets that are created by any user from the Document Studio application or the Central Management component administrative user interface
  • Can remove assets created by any user from the Central Management component administrative user interface
Monitor & Control component user (rpe_monitor_user)
  • Can change the state of their document generation jobs
  • Allows their document generation jobs to be monitored by users with the rpe_monitor_admin role
Monitor & Control component administrator (rpe_monitor_admin)
  • When used with the rpe_docgen_admin role, can view output files and logs from the document generation jobs initiated by any user
  • Can change the status of the document generation jobs initiated by any user
Report scheduler component user (rpe_scheduler_user)
  • Can view output files and logs about remote document generation jobs
  • Can create, modify, or delete scheduled jobs for their local or remote document specifications
  • Users who have the rpe_scheduler_user and either the rpe_library_user or rpe_library_contributor roles can create, modify, or delete scheduled jobs for their local, remote, or Central Management document specifications.
    Important: Avoid using individual URLs in the Remote services preferences for the Central Management and the Report scheduling components. When individual URLs are provided in the Remote services preferences rather than one URL for all components, any user with the rpe_scheduler_user role can create, modify, or delete scheduled jobs with private document specifications in the Central Management component. This behavior occurs because the credentials of the user that submitted the asset to the Central Management are applied instead of the credentials of the user working with the schedule.
Report scheduler component administrator (rpe_scheduler_admin)
  • Can view output files and logs about remote document generation jobs
  • Can create, modify, or delete scheduled jobs that they have created
  • Can view the results of remote document generation jobs
  • Users who have the rpe_scheduler_admin and the rpe_monitor_admin roles assigned to them can create, modify, or delete scheduled jobs that anyone has created for local or remote document specifications
  • Users who have the rpe_scheduler_admin, rpe_monitor_admin, and the rpe_library_admin roles assigned to them can create, modify, or delete scheduled jobs that anyone has created for local, remote or Central Management document specifications

Configuring users and user roles

Procedure

  1. Open the Apache Tomcat Manager
    • If you are running Apache Tomcat as a Windows service, open the Control Panel and, in the Apache Tomcat row, click Admin. Then click Manager App.
    • If you are not running Apache Tomcat as a Windows service, open the Apache Tomcat Manager in a browser in the following format: http://server:port/manager/html

      Example: http://localhost:8080/manager/html.

  2. Stop the deployed Remote services application. In the Applications section, locate the rpews.war application row and click Stop.
  3. Create Apache Tomcat users and roles for the Remote services components.
    1. Open the tomcat-users.xml file, which is located by default in $CATALINA_HOME\conf\tomcat-users.xml.
    2. Add the user, contributor, and administrator roles for the services you are using.
      Tip:
      • See the table in the About this task section above for descriptions of each role.
      • For added security, create more than one client user and give only one the rpe_docgen_user role. The document generations that users create might contain confidential data. By creating two types of users, you can ensure that only users who have permission to view the result outputs can view them.
      <role rolename="rpe_docgen_admin" />
      <role rolename="rpe_docgen_user" /> 
      <role rolename="rpe_library_user"/>
      <role rolename="rpe_library_contributor"/>
      <role rolename="rpe_library_admin"/>
      <role rolename="rpe_monitor_user"/>
      <role rolename="rpe_monitor_admin"/>
      <role rolename="rpe_scheduler_user"/>
      <role rolename="rpe_scheduler_admin"/>
    3. Add at least one administrator and assign the administrator both the administrator and the user roles for the services you are using. Example:
      <user username="rpe_admin" password="password" roles="rpe_docgen_admin,rpe_library_admin,rpe_monitor_admin,rpe_scheduler_admin,rpe_docgen_user,rpe_library_user,rpe_monitor_user,rpe_scheduler_user,rpe_library_contributor"/>
    4. Add at least one client user. Assign the client user the user roles for the services you are using. Example:
      <user username="rpe_client" password="password" roles="rpe_docgen_user,rpe_library_user,rpe_monitor_user,rpe_scheduler_user"/>
      <user username="rpe_contributor" password="password" roles="rpe_docgen_user,rpe_library_contributor,rpe_monitor_user,rpe_scheduler_user"/>
    5. Optional: Add additional client and contributor users. Example:
      <user username="user1" password="password" roles="rpe_docgen_user,rpe_library_contributor,rpe_monitor_user"/>
  4. Start the Remote services application. In the Applications section of the Apache Tomcat Manager, locate the rpews.war application row and click Start.

Feedback