Topic
8 replies Latest Post - ‏2012-12-13T14:05:25Z by SystemAdmin
SystemAdmin
SystemAdmin
7615 Posts
ACCEPTED ANSWER

Pinned topic Repository Admin

‏2012-09-25T22:33:51Z |
When you log into the process center, if you are in the tw_admins group, and no one as messed with any settings, you are a repository admin. This means that you get a 4th tab at the top of the page called "Admin" where you can control who can login to the Process Center, and if that person also sees this admin tab (as well as other features). By default tw_admins are in this list and have "Admin" checked as a property. Now if someone went and unchecked this for tw_admins, and didn't add anyone else back in, does anyone have an idea where this gets set in the DB? I have a customer where tw_admins are not seeing this tab and want to confirm no one did anything foolish to the configuration, but looking at my install, where I can see that value, I can't figure out where the value is getting stored.

Any help is appreciated. I don't see any good candidates in lsw_usr_grp_xref table, and I've looked at the names of all the other tables and none seem to be good candidates.

Andrew Paier | Director of Special Operations | BP3 Global, Inc. www.bp-3.com
Updated on 2012-12-13T14:05:25Z at 2012-12-13T14:05:25Z by SystemAdmin
  • vlit
    vlit
    767 Posts
    ACCEPTED ANSWER

    Re: Repository Admin

    ‏2012-09-26T07:01:51Z  in response to SystemAdmin
    Hi Andrew,

    I don't want to make a deep analyze, but for one of my environments the workaround is:

    INSERT INTO DB2INST1.LSW_ACL_ENTRY (ACL_ENTRY_ID, PO_ID, MASK, PO_TYPE, GROUP_ID) VALUES (1404, 'a0c73b26-a6fb-496c-b280-dbd4bf093c4a', 127, 5000, 3);

    where 1404 - last index number in the table + 1
    'a0c73b26-a6fb-496c-b280-dbd4bf093c4a' - guess yourself :) It is different in all servers.
    127 and 5000 - by default
    3 - index of tw_admins group

    Regards!

    Vladlen.
    • SystemAdmin
      SystemAdmin
      7615 Posts
      ACCEPTED ANSWER

      Re: Repository Admin

      ‏2012-09-26T14:36:59Z  in response to vlit
      Vladlen -

      YOU ROCK! Thank you. For anyone else struggling with this, here is what I could decode from looking at a "good" enviornment. (Haven't yet checked the customer's environment). Note that this is not documented and could change at any time, so use at your own risk.

      This table seems to have all the rights for the various items in the repository, like process apps and toolkits, but for my specific question.

      PO_TYPE = 5000 is the repository object.
      MASK is the type of access. 127 appears to be full admin, 63 is access without admin. 5 appears to be read only on Process Apps
      PO_ID is the value of "Installation GUID" in the LSW_SYSTEM table.
      GROUP_ID and USER_ID are, hopefully self explanatory. In my data they are mutually exclusive.
      Andrew Paier | Director of Special Operations | BP3 Global, Inc. www.bp-3.com
      • SystemAdmin
        SystemAdmin
        7615 Posts
        ACCEPTED ANSWER

        Re: Repository Admin

        ‏2012-09-26T15:42:01Z  in response to SystemAdmin
        Oh, and for the lazy - query to show you the entries you care about in your server

        
        select acl.* from LSW_ACL_ENTRY acl, LSW_SYSTEM sys where sys.key = 
        'InstallationGUID' and sys.value = acl.po_id
        


        Andrew Paier | Director of Special Operations | BP3 Global, Inc. www.bp-3.com
        • SystemAdmin
          SystemAdmin
          7615 Posts
          ACCEPTED ANSWER

          Re: Repository Admin

          ‏2012-09-26T21:29:01Z  in response to SystemAdmin
          Hmmm… Apparently that syntax works on DB2, but "sys" is a reserved word in MS-SQL. Try this

          
          select acl.* from LSW_ACL_ENTRY acl, LSW_SYSTEM lsws where lsws.key = 
          'InstallationGUID' and lsws.value = acl.po_id
          


          Andrew Paier | Director of Special Operations | BP3 Global, Inc. www.bp-3.com
          • SystemAdmin
            SystemAdmin
            7615 Posts
            ACCEPTED ANSWER

            Re: Repository Admin

            ‏2012-12-07T19:23:25Z  in response to SystemAdmin
            Andrew

            Thanks for sharing this information.

            I'm using BPM Advanced 8.0.0, and I noted that the LSW_SYSTEM table names have changed from key and value to propkey and propvalue.

            I created the tables using the scripts generated by BPM's own tool.

            Your tip helped me overcome a problem where bootstrapProcessServerData.sh was failing with: -

            INFO: CWLLG2155I: Cache settings read have been from file file:/opt/IBM/WebSphere80/AppServer/BPM/Lombardi/process-server/twinit/lib/basic_resources.jar!/LombardiTeamWorksCache.xml.
            Exception in thread "P=248348:O=0:CT" com.lombardisoftware.client.security.AuthorizationDeniedException: You are not authorized to make changes to items in this context
            at com.lombardisoftware.client.security.AuthorizationUtils.deny(AuthorizationUtils.java:120)

            Once I inserted the InstallationGUID value into the table, using this SQL: -

            INSERT INTO DB2INST1.LSW_ACL_ENTRY (ACL_ENTRY_ID, PO_ID, MASK, PO_TYPE, GROUP_ID) VALUES (1404, '53c5c0a3-0d2b-4822-b94c-5722a59d5227', 127, 5000, 3);

            all was well.

            Thanks again

            Dave
            • SystemAdmin
              SystemAdmin
              7615 Posts
              ACCEPTED ANSWER

              Re: Repository Admin

              ‏2012-12-07T20:23:10Z  in response to SystemAdmin
              For the record, I've posted a more full account of the issue that I saw on my personal blog: -

              http://portal2portal.blogspot.co.uk/2012/12/comlombardisoftwareclientsecurityauthor.html
              • vlit
                vlit
                767 Posts
                ACCEPTED ANSWER

                Re: Repository Admin

                ‏2012-12-08T20:11:25Z  in response to SystemAdmin
                Dave,

                1404 - it is index of string. It was 1404 in my case. It can be occupied in your table.
                You need to use the last index of the table + 1.

                Vladlen.
                • SystemAdmin
                  SystemAdmin
                  7615 Posts
                  ACCEPTED ANSWER

                  Re: Repository Admin

                  ‏2012-12-13T14:05:25Z  in response to vlit
                  Hi Vladlen

                  Good point - I did check that 1404 wasn't already taken before I did the insert :-)

                  Thanks

                  Dave