Set user roles for external collaboration
Assign the EMPLOYEE_EXTENDED role to internal users who are allowed to create content visible to external users.
You must start the wsadmin client and load profilesAdmin.py in order to run the commands that set user roles. See Starting the wsadmin client and Running Profiles administrative commands for more information.
The user whose role you set must be registered with Profiles via IBM Tivoli Directory Integrator.
By default, internal users cannot create content visible to external users. To allow collaboration between internal and external users, we must assign the EMPLOYEE_EXTENDED role to the internal users. Only users with the EMPLOYEE_EXTENDED role can create content that can be shared with external users. However, the content can be shared by any internal user.
To remove the EMPLOYEE_EXTENDED role from a user, assign the EMPLOYEE role or the DEFAULT_ROLE role to that user. See Profiles administrative commands for more information about roles and the commands that you use for setting roles.
- Set a role for an individual user. We can identify the user with an email address or with an external ID.
Option Description ProfilesService.setRole(String user_email_addr, String role) Set the role using an email address. ProfilesService.setRole("ajones277@myco.com", EMPLOYEE_EXTENDED) setRole Command processed user role 'employee.extended' for user ajones277@myco.comProfilesService.setRoleByUserId(String user_external_id, String role) Set the role using an external ID. ProfilesService.setRoleByUserId("8e88c240", EMPLOYEE_EXTENDED) setRole Command processed user role 'employee.extended' for user 8e88c240
- We can use the getMemberExtIdByEmail("email") or getMemberExtIdByLogin("login") commands to retrieve the external ID of a user. For more information about these commands, see Synchronize user data
- Although the ID is shown here as an 8 digit hexadecimal number, an ID can be any format, such as a GUID. For example, "ec8a89c0-f41d-102c-9b60-f225bc6c4af4".
- Set the same role for multiple users. Assign the same role to a set of users by listing either user IDs or email addresses in a text file.
- role: The role to assign to each user in the list.
- filename: The name of the text file containing the list of users. The file must be locally accessible from the client environment.
For of users, create several files and run them in separate commands.
Option Description ProfilesService.setBatchRole(String role, String filename) Assign the specified role to each user whose email address is listed in the text file. The text file must contain one valid email address per line. ProfilesService.setBatchRole(EMPLOYEE_EXTENDED, "profiles-roles-by-email.txt") setBatchRole request processed Command processed user role 'employee.extended' for users [ JonesA377@myco.com, JohnSmith4@myco.com, JaneR@myco.com ]ProfilesService.setBatchRoleByUserId(String role, String filename) Assign the specified role to each user whose ID is listed in the text file. The text file must contain one valid user ID per line. ProfilesService.setBatchRoleByUserId(EMPLOYEE_EXTENDED, "profiles-roles-by-userid.txt") setBatchRole request processed Command processed user role 'employee.extended' for users [ 8d579540, 110f82c0, 5876de62, 5426de62 ]
- We can use the getMemberExtIdByEmail("email") or getMemberExtIdByLogin("login") commands to retrieve the external ID of a user. For more information about these commands, see Synchronize user data
- Although the IDs are shown here as 8 digit hexadecimal numbers, an ID can be any format, such as a GUID. For example, ec8a89c0-f41d-102c-9b60-f225bc6c4af4.
What to do next
Run one of the following commands to find out which role is assigned to a user.
- Retrieve the role associated with a user's email address by running the command ProfilesService.getRoles(String user_email_addr).
ProfilesService.getRoles("aalain@myco.com") [employee]
- Retrieve the role associated with a user's directory ID by running the command ProfilesService.getRolesByUserId(String user_external_id).
ProfilesService.getRolesByUserId("ec8a89c0-f41d-102c-9b60-f225bc6c4af4") [employee.extended]
Parent topic:
Manage external user access
Related:
Related:
Configure External Collaboration
Related reference: