How to 'AND' memberships of groups/roles ?

Hi all,

I have to manage a quite complex population of users : different sub companies / different regions / different functions.

The first approach would be to create myriads of small groups :


and to manage individually memberships.

As the numbers companies x regions and obviously the number of function are quite large, it will be rapidly a nightmare to manage.

So my idea is to create :

And add users in groups depending on what they have to do and to which company.

So, if Sonia is working as Business support Europe for company A, she will belong to groups CompanyA, Europe and BusinessSupport.

Then I will create this famous myriad of small roles but instead managing individual membership of each users vs roles, I would like to configure them by saying

CompagnyA_Europe_Developers = member_of_CompanyA AND member_of_Europe AND member_of_Developpers.

Is it any easy way to do it ?

I’m currently testing w/ roles’ dynamic attributes but perhaps there is an easiest way.

Best regards,


As a suggestion
Software ag recommend users to use the internal directory service (System) to maintain only a moderate number of users and groups.

Have you tried using external directory services?

My webMethods support external directory services such as SunOne Directory Server, Active Directory, Active Directory Application Mode (ADAM).
External services might give you more flexibility and can handle your myriads of small groups, roles.

Hi Kerni,

we will use LDAP using if we don’t have the choice : I know it’s the better solution but our corporate LDAP is managed by another team creating some difficulties to manage our own data.
So even if we will use LDAP, I think part of groups management has to remain on MWS for flexibility.

By the way, I though also to install our own LDAP (openLDAP) but as wM supports only SUNone :frowning:

Otherwise, is it possible to issue an LDAP quere against CDS ?

wM claim that these three are certified for use not only SunOne

  • SunOne Directory Server (5.2)
  • Active Directory
  • Active Directory Application Mode (ADAM)

Frankly, I don’t have detail knowledge on OpenLDAP but any true LDAP implementation should work and accept LDAP query.

Also: have you read this post?

Hi kerni,

If we have to install our own LDAP server, it will be on unix are our webMethods platform runs also under unix.

Yes, but my question was to know if it’s possible to query MWS internal CDS with LDAP queries ?
In other words, it is possible to create rules based roles that will issues LDAP queries against CDS ?

Sure, I did some reply about SP2 :wink: