Difference between revisions of "User Role Manager"

From MircWiki
Jump to navigation Jump to search
m (Protected "User Role Manager" [edit=sysop:move=sysop])
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
The User Role Manager is an administrative tool for creating user accounts and assigning administrative roles. The intended audience for this article is MIRC system administrators.
+
The User Role Manager is an administrative tool for creating user accounts and assigning administrative roles without having to edit the <b>Tomcat/conf/tomcat-users.xml</b> file directly. The intended audience for this article is MIRC system administrators.
  
The User Role Manager (URM) is a simple page that allows you to create users and roles without having to directly edit the Tomcat/conf/tomcat-users.xml file.
+
To access the URM, log in as an administrator and click the <b>User Role Manager</b> item in the Admin menu on the query page. The URM page looks like this:
 
To access the URM, click the <b>User Role Manager</b> button on the admin page of any storage service on the server. All storage services on a server (e.g., a specific Tomcat instance) link to the same URM, and the URM manages all the users on the server. The URM page looks like this:
 
  
 
<center>
 
<center>
Line 10: Line 8:
  
 
* The left column is the username.
 
* The left column is the username.
* The right column is the user's password. The column is not listed because the page is sent in clear text and there is no sense drawing a hacker's attention. In a future release, the URM can be changed to use SSL.
+
* The right column is the user's password.
 
* The users listed are those that are currently in the tomcat-users.xml file.
 
* The users listed are those that are currently in the tomcat-users.xml file.
* The roles listed are those that are possessed by a current user or ones that appear in the entity definitions in the web.xml files of any of the storage services on the server.
+
* The roles listed are the administrative roles that are possessed by a current user or ones that appear in the entity definitions in the <b>web.xml</b> files of any of the storage services on the server. Administrative roles are those that confer access privileges to servlets on the system. They are distinguished from the roles that define groups in that administrative roles can only be granted by administrators while groups can be created by users.
 +
* Prefixes to role names are used to relate them to webapps. (FS = File Service. QS = Query Service. Other prefixes, for example SS, are associated with storage services.)
 +
* Storage Services which share the same prefix share the same roles, and users who possess those roles have whatever privileges they confer on all storage services with the same prefix.
 +
* The <b>admin</b> role confers all privileges to the administrator.
 +
* The <b>publisher</b> role confers the privilege to make documents public on storage services which are not enabled for autoindexing of documents.
 +
* It is a good idea for at least one user to have all privileges, although MIRC does not require it.
  
Roles and users are listed in alphabetical order, so when you add one, it won't necessarily appear at the bottom or on the right after you click the <b>Update</b> button.
+
Users are listed in alphabetical order, so when you add one, it will not necessarily appear at the bottom of the listing after you click the <b>Update</b> button.
  
When the URM receives a post of the form, it updates the tomcat-users.xml file.
+
When the URM receives a post of the form, it updates the <b>tomcat-users.xml</b> file.
* If there is any user with no assigned roles, the user is deleted from the list.
+
* Any user with no assigned roles is deleted from the list.
* If there is any role with no assigned users, the role is deleted from the list (unless the role appears in a web.xml file of a storage service).
+
* Any line with a blank username is not processed.
* If any username is blank, the line in the form is not processed.
 
  
You can use the URM to edit the spelling or change the password of any user.
+
When you create a user, make sure to assign the user at least one role by clicking a checkbox in the row with the user’s name and password; otherwise, when you click <b>Update</b>, the addition will not be processed. You can add one user per click of the <b>Update</b> button.
 
 
When you create a user, make sure to assign the user at least one role by clicking a checkbox in the row with the user’s name and password, and when you create a role, make sure it is assigned to at least one user; otherwise, when you click <b>Update</b>, the addition will not be processed.
 
 
 
You can add one user and one role per click of the <b>Update</b> button.
 
  
 
In sites running the Smart Memory Realm (all sites after MIRC release T28), the changes become effective within one minute.
 
In sites running the Smart Memory Realm (all sites after MIRC release T28), the changes become effective within one minute.
  
Parenthetical note to avoid confusion: When Tomcat is installed, it comes with several users and roles in the tomcat-users.xml file. They are examples to demonstrate the use of the Manager webapp. You can delete them, if you want, using the URM.
+
Parenthetical note to avoid confusion: When Tomcat is installed, it comes with several users (e.g. <b>manager</b>) and roles (e.g. <b>role1</b>) in the tomcat-users.xml file. They are examples to demonstrate the use of the Manager webapp. You can delete them using the URM. If you aren't sure whether MIRC needs a role, it doesn't hurt to leave it in place.

Latest revision as of 19:11, 31 July 2009

The User Role Manager is an administrative tool for creating user accounts and assigning administrative roles without having to edit the Tomcat/conf/tomcat-users.xml file directly. The intended audience for this article is MIRC system administrators.

To access the URM, log in as an administrator and click the User Role Manager item in the Admin menu on the query page. The URM page looks like this:

Error creating thumbnail: Unable to save thumbnail to destination
  • The left column is the username.
  • The right column is the user's password.
  • The users listed are those that are currently in the tomcat-users.xml file.
  • The roles listed are the administrative roles that are possessed by a current user or ones that appear in the entity definitions in the web.xml files of any of the storage services on the server. Administrative roles are those that confer access privileges to servlets on the system. They are distinguished from the roles that define groups in that administrative roles can only be granted by administrators while groups can be created by users.
  • Prefixes to role names are used to relate them to webapps. (FS = File Service. QS = Query Service. Other prefixes, for example SS, are associated with storage services.)
  • Storage Services which share the same prefix share the same roles, and users who possess those roles have whatever privileges they confer on all storage services with the same prefix.
  • The admin role confers all privileges to the administrator.
  • The publisher role confers the privilege to make documents public on storage services which are not enabled for autoindexing of documents.
  • It is a good idea for at least one user to have all privileges, although MIRC does not require it.

Users are listed in alphabetical order, so when you add one, it will not necessarily appear at the bottom of the listing after you click the Update button.

When the URM receives a post of the form, it updates the tomcat-users.xml file.

  • Any user with no assigned roles is deleted from the list.
  • Any line with a blank username is not processed.

When you create a user, make sure to assign the user at least one role by clicking a checkbox in the row with the user’s name and password; otherwise, when you click Update, the addition will not be processed. You can add one user per click of the Update button.

In sites running the Smart Memory Realm (all sites after MIRC release T28), the changes become effective within one minute.

Parenthetical note to avoid confusion: When Tomcat is installed, it comes with several users (e.g. manager) and roles (e.g. role1) in the tomcat-users.xml file. They are examples to demonstrate the use of the Manager webapp. You can delete them using the URM. If you aren't sure whether MIRC needs a role, it doesn't hurt to leave it in place.