What you need to know about technical user of IBM BPM document store
Jia Tang 3100009WTC Comments (2) Visits (11121)
The technical user is a system user, used by IBM Business Process Manager (BPM) to connect to the document store using Content Management Interoperability Service (CMIS).
You can identify the technical user for BPM Document Store by checking WebSphere Application Server (WAS) Admin Console.
So in this environment, the deadmin is the technical user for document store.
According to my support experience, most of the document store connection problems are caused by incorrect technical user. Here I list some usual faults.
For example, in the environment with above setting, if you want to change the user from deadmin to admin for BPMAdminAlias_De1, you must follow below steps,
If you did not add the new user to document store technical user, you will lose access document store. You need to roll back the authentication alias change, and redo above steps to resolve the problem. This applies to the scenario when you change authentication alias of role “Emb
This could happen when you make security configuration change, but then you realize the document store can’t be accessed after remove the technical user. So you create same user again, but it still does not work.
Authorization to the IBM BPM document store is based on unique IDs instead of user name/password. If the IBM BPM document store was initialized during initial server startup, only the same user (with the same unique ID) can manage the IBM BPM document store and access its documents.
If you remove the technical user and recreate it in same file registry, the uuid of the user will be changed although the user name and password could be same.
The externalId and uniqueId should be same as the previous ones. If you have backup of the fileRegistry.xml before security change, you can copy and paste the previous externalId and uniqueId to current fileRegistry.xml to fix the problem. If you did not make a backup before the change, please contact IBM support, we will be able to help you identify the user id from document store DB table, and they you can replace the ones in fileRegistry.xml with the one stored in DB table.
Because duplicate users are not allowed in federated repository, which means that you cannot connect to an LDAP server that contains the same users that you have in your file repository. In this circumstance, you remove the file-based and add LDAP. But a user in LDAP with the same user ID does not have access to the IBM BPM document store. You will be unable to access document store due to same reason as 2. In order to resolve it,
Dropping all document store ( EmbeddedECM ) tables and sequences is another simple but crude possible solution for document store access issues. Because during server startup, the tables and sequences will be created automatically based on profile configuration. But please don’t take the steps unless IBM BPM support ask.
Firstly you need to make sure the DB has been offline back up before taking further steps. And ensure there are no content stored in the document store.
FileNet has published their database schema in their product documentation: Object Store Table Schemas
The above table list does not contain the 4 global configuration data tables: