We are testing the LSF security (still use LAUA in production) and I am learning as I go. I have a question about the Definition Data Source.
We've created a fairly complete security setup on our test server and we have users testing it out. We have a single application profile, and we use that one profile for all of our test product lines/data areas. (FWIW, we have always had about 5 or 6 product lines in TEST, due to different users testing different scenarios, and patch testing. We don't necessarily patch them all, and we definitely don't migrate every single mod to them - only where it's going to be tested - and then we move it into Production. Eventually these product line get rebuilt/refreshed anyway, so we don't worry too much about it. It definitely is a PITA to keep up with, but our users pretty much have demanded these multiple sandboxes, so that's how we roll.)
I just learned about the Definition Data Source; it is the source of all the programs that show up in the security rules. Unfortunately ours is set to a product line that is fairly old; we had a consultant set up our security, and he set it to this simply because we chose a PL that users would not need to test in for a while - and this one fit the bill. I had a user that could not access a particular form (a custom one), and I eventually determined that it was because the PL that was used as the Definition Data Source did not have the custom form in it. So once we migrated the customization to that PL it was just a matter of adding the rule to the class, and that resolved the issue.
Apparently you cannot simply change the Definition Data Source on the "Change Profile" screen - you have to create a new Profile. I am considering doing that, creating one that is tied to an always-current source, but I think that is a lot of work, and I'm not sure I want to go there. Have any of you done this? Do you typically have multiple Profiles - a one-to-one for your multiple data sources? I realize that to have a single profile (one to many) means that you need to have all those PLs matching - I understand that - now. I'm just wondering, in the real world, what others have done.
Also, when you "blow away" a product line - say you want to recreate it from Production to be current, how does that affect security that is based on that PL? If that PL was the Definition Data Source, would you be able to recreate that PL at all? Would it blow away the security set up?
Cindy,
To add one piece to what Kwane wrote:
lsload PROFILE filename [-p newProfileId] [-d defProd] [-a activeDataSrc] [-addRoleMapping]
Use the -p to tell it the new Profile ID you're creating, and -d to indicate your Definition ProductLine (select the "richest" PL you have on TEST).
With these parameters, you don't even have to edit the XML file!
Regards, Dave (303) 773-3535
Thanks. It's been a while since I have even used LDAPAdmin - can't get the configuration to work for this new server. Kwane - I'll email you if you have a minute to look at it. The connection tests successfully, but there is nothing showing in the screen after I open it.
As to my question about refreshing product lines....are there any issues with that?