For a user to authenticate with the IBM® Engineering Lifecycle Management
applications, they must exist in both the external user registry and the Jazz® Team Server
repository. Use these instructions to create new users in the Jazz Team Server
repository. If you use the Liberty basic user registry, this procedure also creates the user in the
external registry.
Before you begin
If you are using an external registry and want to import a user who exists in the registry into
the Jazz Team Server,
see Importing users from an external user registry. If you are using
LDAP, there is an
automatic task for synchronizing user information in the Jazz Team Server
with the information in the LDAP registry. Similarly, when Jazz Security Architecture single sign-on
(SSO) is enabled and the Jazz Authorization
Server is configured
to use an LDAP registry, the automatic task synchronizes the user information in the Jazz Authorization
Server with
information in the LDAP registry. Also, you can manually start the synchronization by running the
repotools -syncUsers command.
You must be logged in to the Administration page of the Jazz Team Server
or the Administration page of a Change and Configuration Management, Quality
Management, or Requirements Management application that is registered with the Jazz Team Server.
Also, you must be a member of the JazzAdmins group to have administrative access to create
users.
Jazz Security Architecture SSO notes: When Jazz Security Architecture
is enabled, the
Jazz Authorization
Server is configured
with a user registry.
- If the registry is LDAP, configure the Jazz Team Server to synchronize users from the same LDAP
registry. For more information, see Managing users on Jazz Authorization Server.
- If the registry is the IBM WebSphere Liberty's file-based user registry, by default, users who are
defined in that registry are not automatically synchronized with the Jazz Team Server.
However, you can enable user self-registration so that when a user logs in for the first time, they
are registered automatically with the Jazz Team Server.
For more information, see Allowing users to register themselves.
Note: If you installed the
Jazz Team Server
on
IBM i, you must create users in different ways based on the authentication mechanism. For more
information, see
IBM i authentication methods.
About this task
For more information about users and authentication, see the Jazz.net articles TN0029: User Management in
Jazz and TN0013: Jazz Team Server Authentication Explained.
Procedure
- Log in to the Administration page of the Jazz Team Server
or an application that is registered with the server.
Users are synchronized across a
Jazz Team Server
and the applications that are registered with that server. Therefore, you can create a new user
either through the Administration page of the Jazz Team Server
or through the Administration page of an application that is registered with
the Jazz Team Server.
- For the Jazz Team Server:
- Point your web browser to https://[fully qualified
hostname]:9443/jts/admin
Remember: The [fully
qualified hostname] is the host name along with the DNS domain reference of the
machine on which the Jazz Team Server
is installed.
- On the Server Administration page, click .
- For an application registered with the server:
- Point your web browser to https://[fully qualified
hostname]:9443/[application]/web to access the application,
where [application] is, for example, ccm.
- Click the Administration icon in the toolbar and select Manage
Users.
- Click Create User, and then complete the following fields:
- In the User Name field, type a user name.
- In the User ID (case sensitive) field, type a unique user
identifier.
- In the E-mail Address field, type an email address.
- In the Repository Permissions section, select the appropriate user
permissions.
Repository group assignments control user access to the Jazz repository. Assign one or more of
the following groups for a new user:
Note: If you are changing the role of an existing user, the user
must log out of the system and log back in before the new role can take
effect.
Table 1. Repository permissions
Permission |
Description |
JazzGuests |
Users with read-only access to the Jazz
Repository. |
JazzUsers |
Users with regular read/write access to the Jazz Repository. |
JazzProjectAdmins |
Administrators who have the same access as JazzUsers plus permission to
perform the following operations:
- Create and modify all process templates.
- Create project areas and team areas.
- Modify the access control settings for project areas.
- Save project areas regardless of the role permission settings in the project areas, which
include the ability to generate team member invitations. This override ability does not extend to
project areas to which the user does not have read-access.
Tip: The JazzProjectAdmins permission is intended for users who need to create
project areas. The leader of a project area does not need JazzProjectAdmins permission to manage
that project area. Within a project area, a user who is designated as administrator has full
read/write access for that project area.
|
JazzAdmins |
Administrators of a Jazz Repository with
full read/write access. |
Note: Passwords and repository permissions are valid only if the server is running a secure
connection. When you create a user, the default password is the same as the User ID. To change the
user password, log on to the server as the user and edit the user properties. In the Eclipse client,
to edit user properties, in the Team Artifacts view, right-click the user
repository connection; then, click Open My User Editor.
Note: If you use an external user registry, users are able to log in, but repository group
information is not displayed in the user editor.
- In the Client Access Licenses section, select the appropriate
license type.
- Click Save.