Setting user roles for external collaboration

Assign the EMPLOYEE_EXTENDED role to internal users who are allowed to create content that is visible to external users.

Before you begin

You must start the wsadmin client and load profilesAdmin.py in order to run the commands that set user roles. See Starting the wsadmin client and Running Profiles administrative commands for more information.

The user whose role you set must be registered with Profiles via IBM® Tivoli® Security Integrator.

About this task

By default, internal users cannot create content that is visible to external users. To allow collaboration between internal users and external users, you must assign the EMPLOYEE_EXTENDED role to the internal users. Only users with the EMPLOYEE_EXTENDED role can create content that can be shared with external users. However, the content can be shared by any internal user.

Note: To remove the EMPLOYEE_EXTENDED role from a user, assign the EMPLOYEE role or the DEFAULT_ROLE role to that user. See Profiles administrative commands for more information about roles and the commands that you use for setting roles.

Procedure

  • Set a role for an individual user.
    You can identify the user with an email address or with an external ID.
    OptionDescription
    ProfilesService.setRole(String user_email_addr, String role) Set the role using an email address.
    ProfilesService.setRole("ajones277@example.com", EMPLOYEE_EXTENDED)
    setRole Command processed user role 'employee.extended' for user ajones277@example.com
    ProfilesService.setRoleByUserId(String user_external_id, String role) Set the role using an external ID.
    ProfilesService.setRoleByUserId("8e88c240", EMPLOYEE_EXTENDED)
    setRole Command processed user role 'employee.extended' for user 8e88c240
    
    Notes:
    1. You can use the getMemberExtIdByEmail("email") or getMemberExtIdByLogin("login") commands to retrieve the external ID of a user. For more information about these commands, see Synchronizing user data using administrative commands
    2. Although the ID is shown here as an 8 digit hexadecimal number, an ID can be any format, such as a GUID. For example, "ec8a89c0-f41d-102c-9b60-f225bc6c4af4".
  • Set the same role for multiple users.
    Assign the same role to a set of users by listing either user IDs or email addresses in a text file.
    • role: The role to assign to each user in the list.
    • filename: The name of the text file that contains the list of users. The file must be locally accessible from the client environment.
      Note: If you are processing several hundreds of users, create several files and run them in separate commands.
    OptionDescription
    ProfilesService.setBatchRole(String role, String filename) Assign the specified role to each user whose email address is listed in the text file. The text file must contain one valid email address per line.
    ProfilesService.setBatchRole(EMPLOYEE_EXTENDED, "profiles-roles-by-email.txt")
    setBatchRole request processed
     Command processed user role 'employee.extended' for users
    [ JonesA377@example.com, JohnSmith4@example.com, JaneR@example.com ]
    
    ProfilesService.setBatchRoleByUserId(String role, String filename) Assign the specified role to each user whose ID is listed in the text file. The text file must contain one valid user ID per line.
    ProfilesService.setBatchRoleByUserId(EMPLOYEE_EXTENDED, "profiles-roles-by-userid.txt")
    setBatchRole request processed
     Command processed user role 'employee.extended' for users
    [ 8d579540, 110f82c0, 5876de62, 5426de62 ]
    Notes:
    1. You can use the getMemberExtIdByEmail("email") or getMemberExtIdByLogin("login") commands to retrieve the external ID of a user. For more information about these commands, see Synchronizing user data using administrative commands
    2. Although the IDs are shown here as 8 digit hexadecimal numbers, an ID can be any format, such as a GUID. For example, ec8a89c0-f41d-102c-9b60-f225bc6c4af4.

What to do next

Run one of the following commands to find out which role is assigned to a user.
  • Retrieve the role that is associated with a user's email address by running the command ProfilesService.getRoles(String user_email_addr).
    
    ProfilesService.getRoles("aalain@example.com")
    [employee]
    
  • Retrieve the role that is associated with a user's directory ID by running the command ProfilesService.getRolesByUserId(String user_external_id).
    ProfilesService.getRolesByUserId("ec8a89c0-f41d-102c-9b60-f225bc6c4af4")
    [employee.extended]