In this release, the following administrative accounts are assigned once during the initialization of the User Application:
Compliance Administrator
Provisioning Administrator
RBPM Configuration Administrator
Resource Administrator
Roles Administrator
Security Administrator
Modifying the mappings for these administrative accounts in the configupdate utility after the installation and initialization process will not work in this release. The check for assigning the administrative roles happens only once. At this time, a property is set that keeps track of when these roles were assigned.
NOTE:To modify the default administrator assignments for the User Application, you must first edit the configupdate.sh or configupdate.bat file and change the -edit_admin property to true. You can then use configupdate to modify the default assignments.
If you want to modify the default assignments for the administrative roles without deleting the Driver (which would cause all role assignments to be removed), you need to follow one of the three procedures shown below.
To grant or remove the role assignment through the User Application:
Login to the User Application as the Security Administrator.
Go to the Roles Catalog on the Roles and Resources tab.
Select the administrative role you want to change (for example, the Provisioning Administrator).
Select Edit.
Select the Assignments tab.
If you want to remove the current assigned user, then select the user and press the Remove link.
To add a user, press the assign button where you will need to provide a description and the user to assign the role to and the press the Assign button.
To change any or all of the administrative assignments and keep the existing (default) users that have been granted the role assignment:
Stop the Application Server that the User Application WAR is deployed on.
Stop the User Application Driver.
Stop the Roles and Resource Service Driver.
Launch the configupdate utility.
Change the mappings for the administrative roles outlined above as required, and then press OK.
Using either iManager or ConsoleOne, go to %DriverSet% -> %userApplication Driver% -> AppConfig -> AppDefs -> Configuration. Then, go to the Other tab and open the XMLData.
Find the following entry:
<property>
<key>com.novell.idm.security.domain-admin.initialized</key>Delete the entry, from <property> to </property>. For example:
<property>
<key>com.novell.idm.security.domain-admin.initialized</key>
<value>20090831124642Z</value>
</property>Close and Save.
Restart the User Application.
Restart the User Application Driver.
Restart the Roles and Resource Service Driver.
Access the User Application and in the logs you will see the administrative roles will be issued.
To change any or all of the administrative assignments and remove the existing (default) users that have been granted the role assignment:
Stop the Application Server that the User Application WAR is deployed on.
Stop the User Application Driver.
Stop the Roles and Resource Service Driver.
Launch the configupdate utility.
Change the mappings for the administrative roles outlined above as required, and then press OK.
Using either iManager or ConsoleOne, go to %DriverSet% -> %userApplication Driver% -> AppConfig -> AppDefs -> Configuration. Then, go to the Other tab and open the XMLData.
Find the following entry:
<property>
<key>com.novell.idm.security.domain-admin.initialized</key>Delete the entry, from <property> to </property>. For example:
<property>
<key>com.novell.idm.security.domain-admin.initialized</key>
<value>20090831124642Z</value>
</property>Close and Save.
Using either ConsoleOne or iManager, remove the user from the role and then the role from the user.
Restart the User Application.
Restart the User Application Driver.
Restart the Roles and Resource Service Driver.
Access the User Application and in the logs you will see the administrative roles will be issued.