Enabling a user with Search Term Manager role to access the Catalogs tool

In this lesson, you add the Search Term Manager role to existing user groups.

About this task

The user group of a tool is associated with policies that provide access to preview the store and load business objects. Therefore, by adding a role to a user group, the user is granted access to preview the store, and load most of the business objects.

When you require extra access for loading some of the business objects in the tool, new policies can be set up for those Get services. Or, you can add the new role to the user group associated to an existing access control policy that can view those objects.

The wcfApplicationMenuItems definition defines all the Management Center menu options. For the menu option (tool) you want to access, locate its wcfApplicationMenuItem element and find the usage attribute. In this lesson, the Search Term Manager role is added to the user groups:
CatalogGroupViewersForOrg
Add the role to the user group CatalogGroupViewersForOrg associated to IBM_ViewCatalogTool usage. This allows the role to access the Catalogs tool and load most of the business objects except attribute dictionary objects. The CatalogGroupViewersForOrg element resembles the following code in the wcfApplicationMenuItems definition.
<!---
	Application menu item for opening the Catalog Management tool.
-->
<ApplicationMenuItem actionName="openBusinessObjectEditor" 
activeIconSrc="catalogActiveTabIcon" 
displayName="${shellResourceBundle.catalogManagementDisplayName}" 
id="catalogManagement" 
inactiveIconSrc="catalogInactiveTabIcon" 
toolDefinitionName="catCatalogManagement" 
usage="IBM_ViewCatalogTool"/>
AttributeDictionaryViewersForOrg
Add the role to the AttributeDictionaryViewersForOrg user group. The following policy allows user in the AttributeDictionaryViewersForOrg user group to load attribute dictionary objects.
<Action CommandName="GetAttributeDictionary.IBM_Admin_Summary" 
Name="GetAttributeDictionary.Summary"/>
 
<ActionGroup 
Name="Catalog-AttributeDictionary-AttributeDictionaryViewers-AccessProfileActionGroup" OwnerID="RootOrganization">
<ActionGroupAction Name="GetAttributeDictionary.Details"/>
<ActionGroupAction Name="GetAttributeDictionary.Summary"/>
<ActionGroupAction Name="GetAttributeDictionary.All"/>
</ActionGroup>

<Policy Name="Catalog-AttributeDictionary-AttributeDictionaryViewers-AccessProfilePolicy"            
OwnerID="RootOrganization"
UserGroup="AttributeDictionaryViewersForOrg"
ActionGroupName="Catalog-AttributeDictionary-AttributeDictionaryViewers-AccessProfileActionGroup"
ResourceGroupName="AccessProfileResourceGroup"
PolicyType="groupableTemplate"/>
WorkspaceToolUsersForOrg
The role is added to the user group WorkspaceToolUsersForOrg associated to IBM_WorkspaceManagementTool usage to access the workspace tool. The WorkspaceToolUsersForOrg element resembles the following code in the wcfApplicationMenuItems definition.
<!---
	Application menu item for opening the Workspace Management tool.
-->
<ApplicationMenuItem actionName="openBusinessObjectEditor" 
activeIconSrc="workspaceActiveTabIcon" 
displayName="${shellResourceBundle.workspaceManagementDisplayName}" 
id="workspaceManagement" 
inactiveIconSrc="workspaceInactiveTabIcon" 
toolDefinitionName="wspWorkspaceManagement" 
usage="IBM_WorkspaceManagementTool"/>

The code that is defined for CatalogGroupViewersForOrg and WorkspaceToolUsersForOrg is in the LOBTools\WebContent\config\shell\ApplicationMenuItems.def file. The code that is defined for AttributeDictionaryViewersForOrg is in the WCDE_installdir\xml\policies\xml\CatalogAccessControlPolicies.xml access control policy XML file.

Procedure

To add the Search Term Manager role to user groups:
  1. Open the Organization Administration Console.
  2. Select Access Management > Member Groups.
  3. In the View menu, select Access Groups
  4. Add the role to CatalogGroupViewersForOrg user group.
    1. Under the Name field, locate and click CatalogGroupViewersForOrg. The user group details pages displays.
    2. Click Criteria. The Criteria page displays.
    3. In the Select Organization menu, select Root Organization because the Search Term Manager plays a role on this organization.
    4. In the Select Role menu, select Search Term Manager.
    5. Select the check box beside For organization.
    6. Click Add. The Search Term Manager role is added to the Selected roles and organizations list.
    7. Click OK to save the changes.
  5. Add the role to AttributeDictionaryViewersForOrg user group.
    1. Under the Name field, locate and click AttributeDictionaryViewersForOrg. The user group details page displays.
    2. Repeat steps 4b-4g.
  6. Add the role to WorkspaceToolUsersForOrg user group.
    1. Under the Name field, locate and click WorkspaceToolUsersForOrg. The user group details page displays.
    2. Repeat steps 4b-4g.

Results

You successfully added the Search Term Manager role to the user groups to allow for access to the Catalogs tool. Any user that you create that is assigned the Search Term Manager role has access to view the Catalogs tool. The proceeding lessons teach you how to add write usage to the tool.