IBM Support

JR48507: PROVIDE SCRIPTS AND ADMINISTRATIVE TASKS TO MANUALLY TRIGGER GROUP MEMBERSHIP REFRESH

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Group membership for users is currently refreshed upon logging
    in to the Process Portal. In certain scenarios, it is necessary
    to update group membership triggered by a script or
    administrative task to avoid time consuming refresh operations
    upon login. This interim fix provides such scripts and
    administrative tasks.
    

Local fix

  • n/a
    

Problem summary

  • Provide scripts and administrative tasks to manually trigger
    group membership refresh
    
    PROBLEM DETAILED DESCRIPTION:
    During login into the portal, group membership that is stored in
    the WebSphere Application Server's User Registry is updated for
    the user that logs. If a change is detected, this change is
    reflected in the database and relevant participant groups. Task
    specific or participant group specific expressions, so called
    dynamic groups, might also be affected by this change in the
    group membership. Therefore, all dynamic groups are updated to
    reflect the correct membership and authorization. In certain
    scenario or if there are many dynamic groups in the system, the
    login into the portal might take very long.
    
    To get around this performance issue, there are two
    administrative actions to execute:
    I. Disable refresh of dynamic groups during login.
    1. Locate the configuration file 100Custom.xml in your server /
    cluster environment and add this configuration option:
       <server merge="mergeChildren">
         <update-dynamic-groups-on-login>false
         </update-dynamic-groups-on-login>
       </server>
    2. Synchronize all nodes so the updated configuration is
    applied to all servers.
    3. Restart the server / cluster members to allow them to pick
    up the updated configuration.
    4. You can verify the correct configuration by inspecting the
    file TeamWorksConfiguration.running.xml in your profile's
    config directory.
    
    II. Execute the administrative script groupMembershipFullUpdate
    that is provided by this interim fix to update group membership
    and dynamic groups by an administrator.
    This interim fix provides four new administrative scripts
    and AdminTasks for usage by wsadmin which were originally
    introduced in version 8.5:
    
    groupMembershipFullUpdate [options]
    Updates the User Registry group membership of all users that
    are known to BPM. At the end of the group membership update,
    dynamic groups are updated once if at least one group
    membership update was detected.
    
    groupMembershipUpdate [options] <userID1> <userID2> ...
    <userIDn>
    Updates the User Registry group membership of the users passed
    with this command. If an user ID is passed that is unknown to
    BPM, this users is created within BPM. At the end of the group
    membership update, dynamic groups are updated once if at least
    one group membership update was detected.
    
    usersFullSync [options]
    Synchronizes all users available from the User Registry. No
    group membership is updated. This admin task is equivalent to
    the "Full Synchronize" command in the Process Admin Console.
    
    usersSync [options] <userID1> <userID2> ... <userIDn>
    Synchronizes the passed users from LDAP. No group membership is
    updated. This admin task is equivalent to the "Synchronize"
    command in the Process Admin Console.
    
    Options:
      -username <username> -password <password> -host
        <server host name> -port <server SOAP port number>
    
    Usage sample on a node running a windows version of Business
    Process Manager:
    1. switch to <profile>\bin and execute setupCmdLine.bat
    2  stay in directory <profile>\bin and execute
      <install>\BPM\Lombardi\tools\security\
       groupMembershipFullUpdate.bat
    
    For other scripts and other platforms, execute similar steps
    

Problem conclusion

  • The administrative scripts and tasks allow you to synchronize
    users and group membership when necessary.
    
    FIX AVAILABILITY:
    iFix for 7.5.1.0 is available on Fix Central, search for APAR
    JR48507 at http://www.ibm.com/support/fixcentral/
    iFix for 8.0.1.1 is available on Fix Central, search for APAR
    JR48507 at http://www.ibm.com/support/fixcentral/
    iFix for 8.0.1.2 is available on Fix Central, search for APAR
    JR48507 at http://www.ibm.com/support/fixcentral/
    Fix is also targetted for inclusion in next fixpack for
    BPM V7.5.1, BPM 8.0.1
    
    When obtaining any of the above fixes, be sure to download the
    accompanying readme, for itself, and any prerequisite fixes, and
    review them thorougly.
    

Temporary fix

Comments

APAR Information

  • APAR number

    JR48507

  • Reported component name

    BPM STANDARD

  • Reported component ID

    5725C9500

  • Reported release

    751

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-11-15

  • Closed date

    2014-01-23

  • Last modified date

    2014-01-23

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    BPM STANDARD

  • Fixed component ID

    5725C9500

Applicable component levels

  • R751 PSY

       UP

  • R801 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTDH","label":"IBM Business Process Manager Standard"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.5.1","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
23 January 2014