PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 08/02/2016 9:58 AM by  CindyW
Definition Data Source - have you ever changed it?
 4 Replies
Sort:
You are not authorized to post a reply.
Author Messages
CindyW
Private
Private
Veteran Member
(409 points)
Veteran Member
Posts:159


Send Message:

--
08/02/2016 8:30 AM

    We are testing the LSF security (still use LAUA in production) and I am learning as I go.  I have a question about the Definition Data Source.

    We've created a fairly complete security setup on our test server and we have users testing it out.  We have a single application profile, and we use that one profile for all of our test product lines/data areas.  (FWIW, we have always had about 5 or 6 product lines in TEST, due to different users testing different scenarios, and patch testing.  We don't necessarily patch them all, and we definitely don't migrate every single mod to them - only where it's going to be tested - and then we move it into Production. Eventually these product line get rebuilt/refreshed anyway, so we don't worry too much about it. It definitely is a PITA to keep up with, but our users pretty much have demanded these multiple sandboxes, so that's how we roll.) 

     I just learned about the Definition Data Source; it is the source of all the programs that show up in the security rules.  Unfortunately ours is set to a product line that is fairly old; we had a consultant set up our security, and he set it to this simply because we chose a PL that users would not need to test in for a while - and this one fit the bill.  I had a user that could not access a particular form (a custom one), and I eventually determined that it was because the PL that was used as the Definition Data Source did not have the custom form in it.  So once we migrated the customization to that PL it was just a matter of adding the rule to the class, and that resolved the issue.

    Apparently you cannot simply change the Definition Data Source on the "Change Profile" screen - you have to create a new Profile.  I am considering doing that, creating one that is tied to an always-current source, but I think that is a lot of work, and I'm not sure I want to go there.  Have any of you done this?  Do you typically have multiple Profiles - a one-to-one for your multiple data sources?  I realize that to have a single profile (one to many) means that you need to have all those PLs matching - I understand that - now.  I'm just wondering, in the real world, what others have done.

    Also, when you "blow away" a product line - say you want to recreate it from Production to be current, how does that affect security that is based on that PL?  If that PL was the Definition Data Source, would you be able to recreate that PL at all?  Would it blow away the security set up? 

     

    Attachments
    Kwane McNeal
    Private
    Private
    Veteran Member
    (1197 points)
    Veteran Member
    Posts:399


    Send Message:

    --
    08/02/2016 8:57 AM
    Cindy,
    The definition PL should reflect the most recent superset of all programs in a productline on the related environment, as you discovered.

    As for changing the definition PL, there are two ways.

    1) dump the profile, change the tag in the XML dump file, and reload the file
    2) using an ldap editor, manually change the tag. It's in lwsnSecData,profiles,< profID >. The attribute is DefProdLine (I believe)
    Dave Amen
    Private
    Private
    Veteran Member
    (173 points)
    Veteran Member
    Posts:61


    Send Message:

    --
    08/02/2016 9:16 AM

    Cindy,

    To add one piece to what Kwane wrote:

    lsload PROFILE filename [-p newProfileId] [-d defProd] [-a activeDataSrc] [-addRoleMapping]

    Use the -p to tell it the new Profile ID you're creating, and -d to indicate your Definition ProductLine (select the "richest" PL you have on TEST).

    With these parameters, you don't even have to edit the XML file!

    Regards,
    Dave
    (303) 773-3535

    Kwane McNeal
    Private
    Private
    Veteran Member
    (1197 points)
    Veteran Member
    Posts:399


    Send Message:

    --
    08/02/2016 9:26 AM
    Thanks Dave, I forgot about that switch.

    Normally, I use option two, since I'm usually correcting this sort of issue as a set of general fixes, with the environment down.
    CindyW
    Private
    Private
    Veteran Member
    (409 points)
    Veteran Member
    Posts:159


    Send Message:

    --
    08/02/2016 9:58 AM

    Thanks. It's been a while since I have even used LDAPAdmin - can't get the configuration to work for this new server. Kwane - I'll email you if you have a minute to look at it. The connection tests successfully, but there is nothing showing in the screen after I open it.


     

    As to my question about refreshing product lines....are there any issues with that?

    You are not authorized to post a reply.