Enabling a user with Search Term Manager role to access the Catalogs tool
In this lesson, you add the Search Term Manager role to existing user groups.
About this task
When you require extra access for loading some of the business objects in the tool, new policies can be set up for those Get services. Or, you can add the new role to the user group associated to an existing access control policy that can view those objects.
The wcfApplicationMenuItems definition defines all
the Management Center menu options. For the menu option (tool) you
want to access, locate its wcfApplicationMenuItem element and find
the usage attribute. In this lesson, the Search Term Manager role
is added to the user groups:
- CatalogGroupViewersForOrg
- Add the role to the user group CatalogGroupViewersForOrg associated
to IBM_ViewCatalogTool usage. This allows the role to access the Catalogs
tool and load most of the business objects except attribute dictionary objects.
The CatalogGroupViewersForOrg element resembles the following code
in the wcfApplicationMenuItems definition.
<!--- Application menu item for opening the Catalog Management tool. --> <ApplicationMenuItem actionName="openBusinessObjectEditor" activeIconSrc="catalogActiveTabIcon" displayName="${shellResourceBundle.catalogManagementDisplayName}" id="catalogManagement" inactiveIconSrc="catalogInactiveTabIcon" toolDefinitionName="
catCatalogManagement
" usage="IBM_ViewCatalogTool
"/> - AttributeDictionaryViewersForOrg
- Add the role to the AttributeDictionaryViewersForOrg user group.
The following policy allows user in the AttributeDictionaryViewersForOrg
user group to load attribute dictionary objects.
<Action CommandName="GetAttributeDictionary.IBM_Admin_Summary" Name="GetAttributeDictionary.Summary"/> <ActionGroup Name="Catalog-AttributeDictionary-AttributeDictionaryViewers-AccessProfileActionGroup" OwnerID="RootOrganization"> <ActionGroupAction Name="GetAttributeDictionary.Details"/> <ActionGroupAction Name="GetAttributeDictionary.Summary"/> <ActionGroupAction Name="GetAttributeDictionary.All"/> </ActionGroup> <Policy Name="Catalog-AttributeDictionary-AttributeDictionaryViewers-AccessProfilePolicy" OwnerID="RootOrganization" UserGroup="
AttributeDictionaryViewersForOrg
" ActionGroupName="Catalog-AttributeDictionary-AttributeDictionaryViewers-AccessProfileActionGroup
" ResourceGroupName="AccessProfileResourceGroup" PolicyType="groupableTemplate"/> - WorkspaceToolUsersForOrg
- The role is added to the user group WorkspaceToolUsersForOrg associated
to IBM_WorkspaceManagementTool usage to access the workspace tool.
The WorkspaceToolUsersForOrg element resembles the following code
in the wcfApplicationMenuItems definition.
<!--- Application menu item for opening the Workspace Management tool. --> <ApplicationMenuItem actionName="openBusinessObjectEditor" activeIconSrc="workspaceActiveTabIcon" displayName="${shellResourceBundle.workspaceManagementDisplayName}" id="workspaceManagement" inactiveIconSrc="workspaceInactiveTabIcon" toolDefinitionName="
wspWorkspaceManagement
" usage="IBM_WorkspaceManagementTool
"/>
The code that is defined for CatalogGroupViewersForOrg and WorkspaceToolUsersForOrg is in the LOBTools\WebContent\config\shell\ApplicationMenuItems.def file. The code that is defined for AttributeDictionaryViewersForOrg is in the WCDE_installdir\xml\policies\xml\CatalogAccessControlPolicies.xml access control policy XML file.
Procedure
To add the Search Term Manager role to user groups:
- Open the Organization Administration Console.
- Select .
- In the View menu, select Access Groups
- Add the role to CatalogGroupViewersForOrg user group.
- Under the Name field, locate and click CatalogGroupViewersForOrg. The user group details pages displays.
- Click Criteria. The Criteria page displays.
- In the Select Organization menu, select Root Organization because the Search Term Manager plays a role on this organization.
- In the Select Role menu, select Search Term Manager.
- Select the check box beside For organization.
- Click Add. The Search Term Manager role is added to the Selected roles and organizations list.
- Click OK to save the changes.
- Add the role to AttributeDictionaryViewersForOrg user group.
- Under the Name field, locate and click AttributeDictionaryViewersForOrg. The user group details page displays.
- Repeat steps 4b-4g.
- Add the role to WorkspaceToolUsersForOrg user group.
- Under the Name field, locate and click WorkspaceToolUsersForOrg. The user group details page displays.
- Repeat steps 4b-4g.