IBM Support

Steps to Configure Role based filtering in Datacap Navigator

Product Documentation


Abstract

The Role-based batch filtering feature is available in Datacap Desktop and FastDoc along with Datacap Navigator. This feature provides a security mechanism by restricting the access to the batches that depend on the authorization level of the user for a particular application, for example, TravelDocs. In Datacap Navigator, the users can only view and work on the batches based on the user’s groups. This feature also enables Datacap Navigator users to assign group access control to batches by using standard actions.

Content

Group A will be able to perform all user activities and able to see the Job Monitor batches which Group A created. 
Group A users will not able to see the batches created by other groups.  Similar will be the case for Group B.
ITAdministrator Group should be able to perform all actions in all groups.  IT Groups should have privilege to manage batches and see Batches created by any Group. 
 
ITAdministrator Group users will have all the accesses as those of other group users and could not be separated in this implementation. 
Role Based functionality was introduced for Monitoring purpose and restrictions were not part of the functionality.  Hence any task which other groups can perform could be performed by IT Group.

Exclusive Role Based Filtering Step by Step:

1. Create AD groups and users as per following table:

User

Belongs to

UserA

GroupA

UserB

GoupB

ITAdministrator

GroupA, GroupB

2. Go to Datacap server manager
  • Set authentication mode to TMA
  • Enable TMS logs to highest level
  • Save and restart the server
3. Go to Datacap Application manager
  • Go to specific application
  • Uncheck Automatically import user groups
  • Save and close
4. Open Datacap Navigator in browser
  • Login as admin
  • Go to Datacap admin console
  • Go to Groups
  • Add Group -> GroupA.DomainName
  • If group already exists then Edit group
  • Set Weight to 8
  • Similarly add group -> GroupB.DomainName
  • Set Weight to 9
  • Logout
5. Verify in admin database that the groups are added under ‘tmgroup’ table
  • Also note down the gr_ind and gr_key values for individual groups
6. Go to Datacap application manager
  • Open the specific application
  • Set Role based batch filtering -> Exclusive
  • Open ‘Custom values’ tab
  • Under the section General string values add groups in following way:

Value name: Group1

Value: GroupA.DomainName

Where 1 is gr_ind values for GroupA so the value name is Group1

  • Similarly add other groups
7. Go to Datacap server manager
  • Set authentication mode to LDAP/LLLDAP
  • Set appropriate authentication path template
  • Save and restart the server
8. Open Datacap Navigator
  • Login with UserA
  • Create a batch and note the batch number
  • Logout
9. Open TMS log file
  • Search for string like this:

My: exclusive groups: [1]; combined groups keys: [8]; heaviest group key: [8]

  • Verify that correct groups and keys are listed
10. Open Engine Database and select the row with pb_batch=<batch number from step 7> from tmbatch table
  • Verify that the pb_key for the batch created in step 7 is updated correctly in the row.
11. Open Datacap Navigator
  • Login with UserB
  • Check that Job monitor does not display the batch created by UserA
  • Create a batch and note the batch number
  • Logout
12. Check TMS logs as mentioned in step 8
13. Check pb_key in tmbatch table as mentioned in step 9
14. Open Datacap Navigator
  • Login with ITAdministrator
  • Check that batches from both UserA and UserB are visible
15. Open TMS log
  • Search for ‘JobMonitorView’
  • Verify the query formed under it:

SELECT * FROM (SELECT TOP 1 * FROM (SELECT TOP 1 * FROM JobMonitor WHERE qu_admDB=807 AND (pb_key IS NULL OR pb_key IN (0,8,9)) ORDER BY qu_id) ORDER BY qu_id DESC) ORDER BY qu_id'

Related Information

Role-Based Batch Filtering

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSZRWV","label":"IBM Datacap"},"Component":"Datacap Navigator Role Based Filtering","Platform":[{"code":"PF033","label":"Windows"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Product Synonym

IBM Datacap Navigator

Document Information

Modified date:
26 September 2022

UID

ibm11075725

Page Feedback