Updating user roles on WebSphere Application Server after upgrading

After you reinstall or upgrade Rational® Publishing Engine, update the user roles for connecting to the remote services that are deployed to WebSphere® Application Server.

About this task

Table 1. Remote services user roles
Role Capabilities
Document generation user (rpe_docgen_user)
  • Can generate documents remotely or locally from the client applications
  • Can view output files and logs about their local document generation jobs
Document generation administrator (rpe_docgen_admin)
  • Can generate documents remotely or locally from the client applications
  • When used with the rpe_monitor_admin and either the rpe_scheduler_user or rpe_scheduler_admin role, can view output files and logs from the document generation jobs initiated by any user
Central Management component user (rpe_library_user)
  • Can use public assets to design templates
  • Can view public assets from the Document Studio application
Central Management component contributor (rpe_library_contributor)
  • Can use assets to design templates
  • Can view assets from the Document Studio application or the Central Management component administrative user interface
  • Can create assets from the Document Studio application or the Central Management component administrative user interface
  • Can modify their existing assets from the Document Studio application or the Central Management component administrative user interface
  • Can remove their existing assets from the Central Management component administrative user interface
Central Management component administrator (rpe_library_admin)
  • Can use assets that are created by any user
  • Can view assets that are created by any user from the Central Management component administrative user interface
  • Can create assets in Document Studio application or the Central Management component administrative user interface
  • Can modify existing assets that are created by any user from the Document Studio application or the Central Management component administrative user interface
  • Can remove assets created by any user from the Central Management component administrative user interface
Monitor & Control component user (rpe_monitor_user)
  • Can change the state of their document generation jobs
  • Allows their document generation jobs to be monitored by users with the rpe_monitor_admin role
Monitor & Control component administrator (rpe_monitor_admin)
  • When used with the rpe_docgen_admin role, can view output files and logs from the document generation jobs initiated by any user
  • Can change the status of the document generation jobs initiated by any user
Report scheduler component user (rpe_scheduler_user)
  • Can view output files and logs about remote document generation jobs
  • Can create, modify, or delete scheduled jobs for their local or remote document specifications
  • Users who have the rpe_scheduler_user and either the rpe_library_user or rpe_library_contributor roles can create, modify, or delete scheduled jobs for their local, remote, or Central Management document specifications.
    Important: Avoid using individual URLs in the Remote services preferences for the Central Management and the Report scheduling components. When individual URLs are provided in the Remote services preferences rather than one URL for all components, any user with the rpe_scheduler_user role can create, modify, or delete scheduled jobs with private document specifications in the Central Management component. This behavior occurs because the credentials of the user that submitted the asset to the Central Management are applied instead of the credentials of the user working with the schedule.
Report scheduler component administrator (rpe_scheduler_admin)
  • Can view output files and logs about remote document generation jobs
  • Can create, modify, or delete scheduled jobs that they have created
  • Can view the results of remote document generation jobs
  • Users who have the rpe_scheduler_admin and the rpe_monitor_admin roles assigned to them can create, modify, or delete scheduled jobs that anyone has created for local or remote document specifications
  • Users who have the rpe_scheduler_admin, rpe_monitor_admin, and the rpe_library_admin roles assigned to them can create, modify, or delete scheduled jobs that anyone has created for local, remote or Central Management document specifications

Procedure

  1. Open the administrative console in a browser. Example: http://server:port/ibm/console/logon.jsp
  2. Stop the deployed Remote services application:
    1. Click Applications > Enterprise Applications. The rpews.war application you added is listed as the application name you entered.
    2. Select the Remote services application.
    3. Click Stop.
  3. Configure the security roles:
    1. Click Users and Groups > Manage Users.
    2. Click Create and create three users: rpe_admin, rpe_contributor, and rpe_client, if you have not done so already.
    3. To associate roles with the users, navigate to Applications > Enterprise Applications > rpews.war application > Security role to user/group mapping. These are the roles you can associate with the users for each of the services, depending on which services you plant to use:
      • rpe_docgen_user
      • rpe_docgen_admin
      • rpe_library_user
      • rpe_library_contributor
      • rpe_library_admin
      • rpe_monitor_user
      • rpe_monitor_admin
      Tip:
      • See the table in the About this task section above for descriptions of each role.
      • For added security, create more than one client user and give only one the rpe_docgen_user role. The document generations that users create might contain confidential data. By creating two types of users, you can ensure that only users who have permission to view the result outputs can view them.
    4. Associate the user roles with the rpe_client users.
      1. Select rpe_docgen_user.
      2. Click Look up users.
      3. In the Search String field, enter rpe* and click Search.
      4. In the Available column, press the CTRL key, and then select rpe_client. Click >> to add the users to the Selected column.
      5. Click OK.
      1. Select rpe_library_user.
      2. Click Look up users.
      3. In the Search String field, enter rpe* and click Search.
      4. In the Available column, press the CTRL key, and then select rpe_client. Click >> to add the users to the Selected column.
      5. Click OK.
      1. Select rpe_monitor_user.
      2. Click Look up users.
      3. In the Search String field, enter rpe* and click Search.
      4. In the Available column, press the CTRL key, and then select rpe_client. Click >> to add the users to the Selected column.
      5. Click OK.
    5. Associate the contributor and user roles with the rpe_contributor users.
      1. Select rpe_docgen_user.
      2. Click Look up users.
      3. In the Search String field, enter rpe* and click Search.
      4. In the Available column, select rpe_contributor and click >> to add the user to the Selected column.
      5. Click OK.
      1. Select rpe_library_contributor.
      2. Click Look up users.
      3. In the Search String field, enter rpe* and click Search.
      4. In the Available column, select rpe_contributor and click >> to add the user to the Selected column.
      5. Click OK.
      1. Select rpe_monitor_user.
      2. Click Look up users.
      3. In the Search String field, enter rpe* and click Search.
      4. In the Available column, press the CTRL key, and then select rpe_client. Click >> to add the users to the Selected column.
      5. Click OK.
    6. Associate the administrator role with the rpe_admin user.
      1. Select rpe_docgen_admin.
      2. Click Look up users.
      3. In the Search String field, enter rpe* and click Search.
      4. In the Available column, select rpe_admin and click >> to add the user to the Selected column.
      5. Click OK.
      1. Select rpe_library_admin.
      2. Click Look up users.
      3. In the Search String field, enter rpe* and click Search.
      4. In the Available column, select rpe_admin and click >> to add the user to the Selected column.
      5. Click OK.
      1. Select rpe_monitor_admin.
      2. Click Look up users.
      3. In the Search String field, enter rpe* and click Search.
      4. In the Available column, select rpe_admin and click >> to add the user to the Selected column.
      5. Click OK.
      1. Select rpe_scheduler_admin.
      2. Click Look up users.
      3. In the Search String field, enter rpe* and click Search.
      4. In the Available column, select rpe_admin and click >> to add the user to the Selected column.
      5. Click OK.
    7. Click OK and Save directly to the master configuration.
  4. Start the Remote services application:
    1. Click Applications > Enterprise Applications. The rpews.war application you added is listed as the application name you entered.
    2. Select the Remote services application.
    3. Click Start. The following confirmation message displays: Application rpews.war on server server_name and node node_name started successfully.

Feedback