Creating users

Edit online

For a user to authenticate with the IBM® Engineering Lifecycle Management (ELM) applications, they must exist in both the external user registry and the Jazz® Team Server repository. Use these instructions to create new users in the Jazz Team Server repository. If you use the Liberty basic user registry, this procedure also creates the user in the external registry.

Before you begin

If you are using an external registry and want to import a user who exists in the registry into the Jazz Team Server, see Importing users from an external user registry. If you are using LDAP, there is an automatic task for synchronizing user information in the Jazz Team Server with the information in the LDAP registry. Similarly, when Jazz Security Architecture single sign-on (SSO) is enabled and the Jazz Authorization Server is configured to use an LDAP registry, the automatic task synchronizes the user information in the Jazz Authorization Server with information in the LDAP registry. Also, you can manually start the synchronization by running the repotools -syncUsers command.

You must be logged in to the Administration page of the Jazz Team Server or the Administration page of a Change and Configuration Management, Quality Management, or Requirements Management application that is registered with the Jazz Team Server. Also, you must be a member of the JazzAdmins group to have administrative access to create users.

Jazz Security Architecture SSO notes: When Jazz Security Architecture is enabled, the Jazz Authorization Server is configured with a user registry.
  • If the registry is LDAP, configure the Jazz Team Server to synchronize users from the same LDAP registry. For more information, see Managing users on Jazz Authorization Server.
  • If the registry is the Liberty profile's file-based user registry, by default, users who are defined in that registry are not automatically synchronized with the Jazz Team Server. However, you can enable user self-registration so that when a user logs in for the first time, they are registered automatically with the Jazz Team Server. For more information, see Allowing users to register themselves.
For IBM i operating systemNote: If you installed the Jazz Team Server on IBM i, you must create users in different ways based on the authentication mechanism. For more information, see IBM i authentication methods.

About this task

For more information about users and authentication, see the Jazz.net articles TN0029: User Management in Jazz and TN0013: Jazz Team Server Authentication Explained.

Procedure

  1. Log in to the Administration page of the Jazz Team Server or an application that is registered with the server.
    Users are synchronized across a Jazz Team Server and the applications that are registered with that server. Therefore, you can create a new user either through the Administration page of the Jazz Team Server or through the Administration page of an application that is registered with the Jazz Team Server.
    • For the Jazz Team Server:
      1. Point your web browser to https://[fully qualified hostname]:9443/jts/admin
        Remember: The [fully qualified hostname] is the host name along with the DNS domain reference of the machine on which the Jazz Team Server is installed.
      2. On the Server Administration page, click Users > Active Users.
    • For an application registered with the server:
      1. Point your web browser to https://[fully qualified hostname]:9443/[application]/web to access the application, where [application] is, for example, ccm.
      2. Click the Administration icon in the toolbar and select Manage Users.
  2. Click Create User, and then complete the following fields:
    • In the User Name field, type a user name.
    • In the User ID (case sensitive) field, type a unique user identifier.
    • In the E-mail Address field, type an email address.
  3. In the Repository Permissions section, select the appropriate user permissions.
    Repository group assignments control user access to the Jazz repository. Assign one or more of the following groups for a new user:
    Note: If you are changing the role of an existing user, the user must log out of the system and log back in before the new role can take effect.
    Table 1. Repository permissions
    Permission Description
    JazzGuests Users with read-only access to the Jazz Repository.
    JazzUsers Users with regular read/write access to the Jazz Repository.
    JazzProjectAdmins Administrators who have the same access as JazzUsers plus permission to perform the following operations:
    • Create and modify all process templates.
    • Create project areas and team areas.
    • Modify the access control settings for project areas.
    • Save project areas regardless of the role permission settings in the project areas, which include the ability to generate team member invitations. This override ability does not extend to project areas to which the user does not have read-access.
    Tip: The JazzProjectAdmins permission is intended for users who need to create project areas. The leader of a project area does not need JazzProjectAdmins permission to manage that project area. Within a project area, a user who is designated as administrator has full read/write access for that project area.
    JazzAdmins Administrators of a Jazz Repository with full read/write access.
    Note: Passwords and repository permissions are valid only if the server is running a secure connection. When you create a user, the default password is the same as the User ID. To change the user password, log on to the server as the user and edit the user properties. In the Eclipse client, to edit user properties, in the Team Artifacts view, right-click the user repository connection; then, click Open My User Editor.
    Note: If you use an external user registry, users are able to log in, but repository group information is not displayed in the user editor.
  4. In the Client Access Licenses section, select the appropriate license type.
  5. Click Save.