Provide BusinessConsole access to LDAP User

Hi All,

I have given business console access to the “Everyone” group so that all the users can access a gadget.

But when an LDAP user tries to access it, it's not working.

Could you please tell me how I can provide access to a gadget for an LDAP user?

Thanks,
Irfan

Hi Irfan,

As Everyone is a group local to MWS, it cannot contain external users from an LDAP directory service.

Please grant the access to the role “My webMethods Users” instead.
This one can contain LDAP Users.

Regards,
Holger

Hi Holger,

Thanks for the response!

What you said is absolutely true: this can be done by assigning business console access permissions to the “My webMethods Users” role.

But not all LDAP users will be added manually to this role, right?

What I need is, when an LDAP user accesses a specific AppSpace in business console, he should be shown that page regardless of whether he is part of the “My webMethods Users” role or not. That is because, as mentioned, I cannot add all the LDAP users manually to the same role.

Do you propose anything for this? Let me know if my question is unclear.

Thanks again!

Irfan

Hi Irfan,

You can do one thing: create a new role with the role provider type “LDAP Query Role Provider”, and in the query of the LDAP role ensure that all the LDAP users are fetched.

Now you can provide permissions on this role and they will apply to all the LDAP users.

Vinay

Hi Vinay,

Thanks for the response. Indeed, I was able to add an LDAP query based on your suggestion, and if I search for an LDAP user and check the assigned role, I can see that the newly created role is assigned to them.

But still, when I try to open business console now with the LDAP user credentials, it gives the below error.

User not authorized to view the resource [Folders > My webMethods Applications > Fabric Tasks > Business Console Root > socialBPM]

I logged in via sysadmin and navigated to [Folders > My webMethods Applications > Fabric Tasks > Business Console Root] and gave permissions to view this for the created LDAP user role, but still the same error occurs.

When I try to click permissions for “socialBPM”, it navigates me to the business console page, where I don't see any assign permissions page.

Could you let me know what I should do in this case?

Thanks!

Hi Irfan,

For Business Console to work, a user must have at least the “My webMethods Users” role assigned. That is the reason you are seeing this error. My bad, I missed mentioning that in my previous post.

Please add the LDAP query role you have created to the “My webMethods Users” role and that should take care of it.

Regards

Vinay

Hi Vinay,

Thanks for your inputs! That makes sense :)

However, the client has Ramzan holidays currently and I won't be able to check this at this moment.

Post holidays, I will verify the same and post the results here.

Thanks again for the response!

Regards,
Irfan

Hi Vinay,

Your solution worked perfectly for me! Thanks!

One small question: for the newly created LDAPRole, I do not want the users of that role to see the “Activity Stream” from the home page of business console.

So, I went to Permissions->Business Console Dashboards->WHN Demo, added the new role here and removed the permissions to “View this object”, and the WHN Demo appspace is no longer available.

Similarly, I went to Permissions->Business Console Gadgets->socialbpmcommon_gadget___activitystream and gave deny permission on “View Object” to LDAPRole, but still when I log in with the LDAP user, I can see activitystream on the home page.

Would you know what could be the issue here?

Thanks!