The following administrative accounts are assigned during the initialization of the User Application:
RBPM Configuration Administrator
Modifying the mappings for these administrative accounts in the configupdate utility after the installation and initialization process will not work in this release. The check for assigning the administrative roles happens only once. At this time, a property is set that keeps track of when these roles were assigned.
NOTE:To modify the default administrator assignments for the User Application, you must first edit the configupdate.sh or configupdate.bat file and change the -edit_admin property to true. You can then use configupdate to modify the default assignments.
If you want to modify the default assignments for the administrative roles without deleting the Driver (which would cause all role assignments to be removed), you need to perform one of the following actions:
To grant or remove the role assignment through the User Application:
Log in to the User Application as the Security Administrator.
Go to theon the tab.
Select the administrative role you want to change (for example, the Provisioning Administrator).
If you want to remove the current assigned user, then select the user and press thelink.
To add a user, press the assign button where you will need to provide a description and the user to assign the role to and the press thebutton.
To change any or all of the administrative assignments using Configupdate utility:
Stop the Application Server that the User Application WAR is deployed on.
Stop the User Application driver.
Stop the Role and Resource Service Driver.
Launch the configupdate utility.
Change the mappings for the administrative roles outlined above as required.
In, check and click .
(Conditional) To remove the existing (default) users that have been granted the role assignment. Log in to iManager and remove the user from the role, then the role from the user.
Restart the User Application.
Restart the User Application driver.
Restart the Role and Resource Service Driver.
Access the User Application and in the logs you will see the administrative roles will be issued.
The default administrator assignment settings are established at the time you initialize the User Application driver. After the driver has been initialized, you can change the default settings on the Administrator Assignments page, as long as your
admin user account still exists. If the account has been deleted, deactivated, or moved to a different location, you will not be able to log in to make the new assignments. In this case, you need to reset the values in the configupdate utility or delete the initialization property in the User Application driver.
To change the administrator assignment values in the configupdate utility. See, Changing the Assignments in Configupdate Utility.
Alternatively, you can delete the initialization parameter in the User Application driver using iManager:
Log in to iManager.
Intab, browse to > > > and select .
Intab, open .
Find and remove the </property> tag that contains the following </key> tag.
<property> <key>com.novell.idm.security.domain-admin.initialized</key> <value>20090831124642Z</value> </property>
Restart the User Application driver and the Role and Resource Service driver.
Restart the Identity Applications.