I have to manage a quite complex population of users : different sub companies / different regions / different functions.
The first approach would be to create myriads of small groups :
CompagnyA_Europe_Developers
CompagnyA_Europe_BusinessSupport CompagnyA_AP_Developers CompagnyA_AP_BusinessSupport … CompagnyB_Europe_Developers CompagnyB_Europe_BusinessSupport
and to manage individually memberships.
As the numbers companies x regions and obviously the number of function are quite large, it will be rapidly a nightmare to manage.
So my idea is to create : CompanyA CompanyB Europe AP Developpers BusinessSupport
And add users in groups depending on what they have to do and to which company.
So, if Sonia is working as Business support Europe for company A, she will belong to groups CompanyA, Europe and BusinessSupport.
Then I will create this famous myriad of small roles but instead managing individual membership of each users vs roles, I would like to configure them by saying
CompagnyA_Europe_Developers = member_of_CompanyA ANDmember_of_Europe AND member_of_Developpers.
Is it any easy way to do it ?
I’m currently testing w/ roles’ dynamic attributes but perhaps there is an easiest way.
As a suggestion
Software ag recommend users to use the internal directory service (System) to maintain only a moderate number of users and groups.
Have you tried using external directory services?
My webMethods support external directory services such as SunOne Directory Server, Active Directory, Active Directory Application Mode (ADAM).
External services might give you more flexibility and can handle your myriads of small groups, roles.
we will use LDAP using if we don’t have the choice : I know it’s the better solution but our corporate LDAP is managed by another team creating some difficulties to manage our own data.
So even if we will use LDAP, I think part of groups management has to remain on MWS for flexibility.
By the way, I though also to install our own LDAP (openLDAP) but as wM supports only SUNone
Otherwise, is it possible to issue an LDAP quere against CDS ?
If we have to install our own LDAP server, it will be on unix are our webMethods platform runs also under unix.
Yes, but my question was to know if it’s possible to query MWS internal CDS with LDAP queries ?
In other words, it is possible to create rules based roles that will issues LDAP queries against CDS ?