User Role Manager
The User Role Manager is an administrative tool for creating user accounts and assigning administrative roles without having to edit the Tomcat/conf/tomcat-users.xml file directly. The intended audience for this article is MIRC system administrators.
To access the URM, log in as an administrator and click the User Role Manager item in the Admin menu on the query page. The URM page looks like this:
- The left column is the username.
- The right column is the user's password.
- The users listed are those that are currently in the tomcat-users.xml file.
- The roles listed are the administrative roles that are possessed by a current user or ones that appear in the entity definitions in the web.xml files of any of the storage services on the server. Administrative roles are those that confer access privileges to servlets on the system. They are distinguished from the roles that define groups in that administrative roles can only be granted by administrators while groups can be created by users.
- Prefixes to role names are used to relate them to webapps. (FS = File Service. QS = Query Service. Other prefixes, for example SS, are associated with storage services.)
- Storage Services which share the same prefix share the same roles, and users who possess those roles have whatever privileges they confer on all storage services with the same prefix.
- The admin role confers all privileges to the administrator.
- The publisher role confers the privilege to make documents public on storage services which are not enabled for autoindexing of documents.
- It is a good idea for at least one user to have all privileges, although MIRC does not require it.
Users are listed in alphabetical order, so when you add one, it will not necessarily appear at the bottom of the listing after you click the Update button.
When the URM receives a post of the form, it updates the tomcat-users.xml file.
- Any user with no assigned roles is deleted from the list.
- Any line with a blank username is not processed.
When you create a user, make sure to assign the user at least one role by clicking a checkbox in the row with the user’s name and password; otherwise, when you click Update, the addition will not be processed. You can add one user per click of the Update button.
In sites running the Smart Memory Realm (all sites after MIRC release T28), the changes become effective within one minute.
Parenthetical note to avoid confusion: When Tomcat is installed, it comes with several users (e.g. manager) and roles (e.g. role1) in the tomcat-users.xml file. They are examples to demonstrate the use of the Manager webapp. You can delete them using the URM. If you aren't sure whether MIRC needs a role, it doesn't hurt to leave it in place.