Setting user roles for external collaboration
Assign the EMPLOYEE_EXTENDED role to internal users who are allowed to create content that is visible to external users.
Before you begin
You must start the wsadmin client and load profilesAdmin.py in order to run the commands that set user roles. See Starting the wsadmin client and Running Profiles administrative commands for more information.
The user whose role you set must be registered with Profiles via IBM® Tivoli® Directory Integrator.
About this task
By default, internal users cannot create content that is visible to external users. To allow collaboration between internal users and external users, you must assign the EMPLOYEE_EXTENDED role to the internal users. Only users with the EMPLOYEE_EXTENDED role can create content that can be shared with external users. However, the content can be shared by any internal user.
Procedure
-
Set a role for an individual user.
You can identify the user with an email address or with an external ID.
Option Description ProfilesService.setRole(String user_email_addr, String role) Set the role using an email address. ProfilesService.setRole("ajones277@example.com", EMPLOYEE_EXTENDED) setRole Command processed user role 'employee.extended' for user ajones277@example.com
ProfilesService.setRoleByUserId(String user_external_id, String role) Set the role using an external ID. ProfilesService.setRoleByUserId("8e88c240", EMPLOYEE_EXTENDED) setRole Command processed user role 'employee.extended' for user 8e88c240
Notes:- You can use the getMemberExtIdByEmail("email") or getMemberExtIdByLogin("login") commands to retrieve the external ID of a user. For more information about these commands, see Synchronizing user data using administrative commands
- Although the ID is shown here as an 8 digit hexadecimal number, an ID can be any format, such as a GUID. For example, "ec8a89c0-f41d-102c-9b60-f225bc6c4af4".
- Set the same role for multiple users.Assign the same role to a set of users by listing either user IDs or email addresses in a text file.
- role: The role to assign to each user in the list.
- filename: The name of the text file that
contains the list of users. The file must be locally accessible from
the client environment.Note: If you are processing several hundreds of users, create several files and run them in separate commands.
Option Description ProfilesService.setBatchRole(String role, String filename) Assign the specified role to each user whose email address is listed in the text file. The text file must contain one valid email address per line. ProfilesService.setBatchRole(EMPLOYEE_EXTENDED, "profiles-roles-by-email.txt") setBatchRole request processed Command processed user role 'employee.extended' for users [ JonesA377@example.com, JohnSmith4@example.com, JaneR@example.com ]
ProfilesService.setBatchRoleByUserId(String role, String filename) Assign the specified role to each user whose ID is listed in the text file. The text file must contain one valid user ID per line. ProfilesService.setBatchRoleByUserId(EMPLOYEE_EXTENDED, "profiles-roles-by-userid.txt") setBatchRole request processed Command processed user role 'employee.extended' for users [ 8d579540, 110f82c0, 5876de62, 5426de62 ]
Notes:- You can use the getMemberExtIdByEmail("email") or getMemberExtIdByLogin("login") commands to retrieve the external ID of a user. For more information about these commands, see Synchronizing user data using administrative commands
- Although the IDs are shown here as 8 digit hexadecimal numbers, an ID can be any format, such as a GUID. For example, ec8a89c0-f41d-102c-9b60-f225bc6c4af4.
What to do next
- Retrieve the role that is associated with a user's email address by running the command
ProfilesService.getRoles(String user_email_addr)
.ProfilesService.getRoles("aalain@example.com") [employee]
- Retrieve the role that is associated with a user's directory ID by running the command
ProfilesService.getRolesByUserId(String user_external_id)
.ProfilesService.getRolesByUserId("ec8a89c0-f41d-102c-9b60-f225bc6c4af4") [employee.extended]