Edit settings in the profiles-policy.xml file
to configure the networking feature.
Before you begin
To edit configuration files, use the IBM® WebSphere® Application
Server wsadmin client. See Starting
the wsadmin client for information about how to start the wsadmin
tool.
About this task
When networking is enabled, users can invite other users
to join their network. The networking feature is enabled by default
and you cannot disable it. However, you can configure access control
settings for the feature according to profile type.
Procedure
The following steps provide information about the properties
for the networking feature, and the access levels and scopes that
you can configure.
- Start the wsadmin client from the following
directory of the system on which you installed the Deployment Manager:
app_server_root\profiles\dm_profile_root\bin
where
app_server_root is
the WebSphere Application
Server installation directory and
dm_profile_root is
the Deployment Manager profile directory, typically dmgr01.
You
must start the client from this directory or subsequent commands that
you enter do not execute correctly.
- Start the Profiles Jython script interpreter.
- Enter the following command
to access the Profiles configuration files:
execfile("profilesAdmin.py") If
prompted to specify a service to connect to, type 1 to pick the first
node in the list. Most commands can run on any node. If the command
writes or reads information to or from a file using a local file path,
you must pick the node where the file is stored.
-
Use the following command to check out the profiles-policy.xml
file:
ProfilesConfigService.checkOutPolicyConfig("<working_directory>", "cell_name")
where:
- working_directory is the temporary working directory to which the
configuration XML and XSD files will be copied. The files are kept in this working
directory while you make changes to them.
- cell_name is the name of the IBM WebSphere Application Server cell
hosting the Profiles application. This argument is required.
For
example:
ProfilesConfigService.checkOutPolicyConfig("/wsadminoutput", "jdoe30Node02Cell")
- Open the profiles-policy.xml file
using a text editor, from the temporary directory to which you checked
it out.
- Edit the following properties for the networking feature
as needed.
- profile.colleague
This property is always set to enabled to ensure that users
are always able to see their possible colleagues. You cannot set the
property to disabled. However, you can use the profile.colleague.connect access
scope to control who can invite the user to be a colleague.
- profile.colleague.connect
Controls user access to invite people to join their network.
Access
levels for this property can be defined using one of the following
scopes:
- none. No one can invite a user with the specified profile type
to join their network. If the user has an existing network of colleagues,
it is not available.
Note: Setting the scope to none does not make
a user's network read-only. If you need to lock the state of
a user, note that users can still remove contacts from their network
when you set the scope to none.
- person_not_self. Only users with the person J2EE role can invite
users with the specified profile type to join their network. The profile
owner cannot invite themselves to join their own network.
Note: If
resourceOwner is specified on the access check, the resource owner
constraint must also be met, unless the user has the admin role.
For example:
<feature name="profile.colleague">
<profileType type="default" enabled="true">
<acl name="profile.colleague.connect" scope="person_not_self" />
</profileType>
<profileType type="contractor" enabled="true">
<acl name="profile.colleague.connect" scope="none" />
</profileType>
<profileType type="visitor" enabled="false">
<acl name="profile.colleague.connect" scope="none" />
</profileType>
</feature>
This code sample enables the networking feature
for users with the default profile type, and enables only users with
the person J2EE role to invite the profile owner to join their network.
Networking is also enabled for the contractor profile type, although
no one can invite contractor users to join their network. Networking
is disabled for users with the visitor profile type.
- Save your changes and check the profiles-policy.xml file
back in using the following command:
ProfilesConfigService.checkInPolicyConfig()
- To exit the wsadmin client, type exit at
the prompt.
- Stop and restart the Profiles server.