Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 5 User Access Management : Managing Users with TIBCO BusinessConnect User Management

Managing Users with TIBCO BusinessConnect User Management
TIBCO BusinessConnect User Management is integrated with the user management capabilities of TIBCO Administrator.
First you have to add users and give them access rights to one or more components of TIBCO BusinessConnect using TIBCO Administrator User Management.
After that, add these users to TIBCO BusinessConnect User Management and give them access rights that are fine-tuned with respect to trading partner access, business agreement access, log viewer access, and reports access. See Adding Users for more information.
Finally, you can add groups and join users to these groups to facilitate management of user permissions.
Super Users
As explained in TIBCO Administrator User Categories, there are two types of super users:
Internal Users
Internal Users in TIBCO BusinessConnect are used to authenticate requests sent by Interior private process applications, such as the CMI protocol, to manage participant, business agreement, and operation-level information for business protocols such as TIBCO BusinessConnect EDI Protocol powered by Instream, TIBCO BusinessConnect RosettaNet Protocol, TIBCO BusinessConnect ebXML Protocol, TIBCO BusinessConnect SOAP Protocol, and TIBCO BusinessConnect Services Plug-in, among others. Internal users are also used by TIBCO Hawk to authenticate its connection to TIBCO BusinessConnect in order to monitor and manage the application.
To add an internal user, see Adding Internal Users.
For more details, see:
External Users
TIBCO BusinessConnect External users are specified only in the TIBCO BusinessConnect administrative GUI and they are associated with a trading partner, not with a specific protocol.
The same administrative GUI is used to assign the Server (PartnerExpress, TCM, SSH, or FTPS) with which these external users will communicate.
The External tab under BusinessConnect > User Management > Users displays only the external users configured in the authentication source that is listed at the top of the User Authentication Configuration page. To display the users configured in a different authentication source, move that source to the top.
To add an external user, see Adding External Users.
Adding Users
Expand BusinessConnect > User Management > Users in the TIBCO Administrator console.
Three types of users are available: Admin, Internal, and External.
Figure 21 Three Types of Users
You can now add other users who were granted permission to access TIBCO BusinessConnect using TIBCO Administrator.
Adding Administrative Users
To add a TIBCO BusinessConnect administrative user:
1. Expand BusinessConnect > User Management > Users > Admin.
2. Click Add.
Select the TIBCO BusinessConnect administrator user to add.
A list will appear showing users who have been added using TIBCO Administrator and granted permissions to access TIBCO BusinessConnect (as explained in Setting TIBCO BusinessConnect Access Rights for a User).
3.
4. Continue editing this administrative user as explained in the section Editing Users.
The list shows whether the TIBCO Administrator user is a TIBCO BusinessConnect Super User. There are two types of super users:
Adding Internal Users
To add a TIBCO BusinessConnect internal user:
1. Expand BusinessConnect > User Management > Users > Internal.
2. Click Add.
3. Continue editing this internal user as explained in the section Editing Users.
Adding External Users
External users are specified in the TIBCO BusinessConnect administrative GUI and associated with a trading partner, not with a specific protocol. The same administrative GUI is used to assign the Gateway Services with which these external users can communicate.
TIBCO BusinessConnect supports using the TIBCO Administrator GUI to directly add, delete, and update external users in BCDB and in LDAP servers, such as Microsoft Active Directory LDAP, Sun ONE LDAP, IBM Tivoli Directory Server LDAP, and OpenLDAP servers.
When adding external users to LDAP servers, ensure that you configure a valid value for the bc.ldap.rolebasedn.attribute property that is located in TIBCO Administrator GUI under BusinessConnect > System Settings > Activated Protocol Plug-ins and Properties > BC.
To add external users, perform the following steps:
1.
This authentication source is the target authentication source of your user management activities.
2. To add an external user, expand BusinessConnect > User Management > Users > External.
3. Click Add.
4.
Email: Enter the email address for the new external user.
Belongs to Partner: From the list, select the name of the partner with which this external user will be associated.
5.
6. Click Set to enter the password that will be used to authenticate the user.
7. Click Save.
Editing Users
To edit any of the listed administrative users, perform the following steps:
1. Expand BusinessConnect > User Management > Users > Admin|Internal|External.
2.
The Edit User dialog is displayed with three tabs: General, Group Membership, and Permissions.
General Tab for Administrative Users
The General tab has a non-editable field for User Name. This name was created using the TIBCO Administrator User Management function and cannot be changed in TIBCO BusinessConnect User Management.
Figure 22 Editing Administrative Users: General Tab
1.
See TIBCO BusinessConnect Concepts, TIBCO BusinessConnect Super User for more information.
Change of user roles (promoting users to super users or removing the super user role) can be done by the following users:
2. Click Apply to continue editing the other two tabs, or Save if you have finished editing this user.
General Tab for Internal Users
The General tab for non-administrative users has only two fields that are both editable: user name and password.
Figure 23 Editing Non-Administrative Users: General Tab
1.
2. Click Apply to continue editing the other two tabs, or Save if you have finished editing.
Group Membership Tab for Administrative and Internal Users
Use this tab to verify a user's group membership and to add the user to groups or remove the user from them.
Add a Group
1. Select the Group Membership tab.
The Group Membership window shows the (list of) groups that this user belongs to.
Figure 24 Group Membership Tab
2.
The Add Groups dialog is displayed.
Figure 25 Adding Groups
3.
4.
Remove a Group
1.
2. Click Remove.
3. Click Apply to continue editing the other two tabs, or Save if you have finished editing this user.
Permissions Tab for Administrative and Super Users
Currently, all added internal users are super users by default and have all permissions. The permissions of super users cannot be edited.
The access rights of users can be further restricted by participant and business agreement. For participants (Host or Trading Partner), users can be assigned access rights to all participants or to particular participants: access rights can be fine-tuned with respect to trading partner access and business agreement access.
When you select this tab, two subtabs appear: Participant Permission and Business Agreements Permission.
Figure 26 Editing User Permissions
Participant Permissions Tab for Administrative and Internal Users
In the Participant Permissions subtab, you can add or remove participants (host or trading partners), as well as change the permission that a particular user has regarding its access to these participants.
Add Participants
1. Click Add Participants.
The list of trading partners configured for the current TIBCO BusinessConnect installation is displayed.
Figure 27 Adding Participants
2.
3.
Change Permissions
The list of trading partners is displayed, with the user access rights for dealing with these participants.
Figure 28 Participant Permissions for Users
4.
For an overview of user access rights, see TIBCO BusinessConnect Concepts, "Participants Access Rights."
Again, you can only reduce the level of access rights that the specific user has in dealing with the selected trading partners.
When you select the check box Select All in the category ALL, all permissions will be checked.
Remove Participants
5.
6. Click Remove.
The participant is removed.
Business Agreements Permission Tab for Administrative and Internal Users
For Business Agreements, users can be assigned access rights to all Business Agreements or to particular Business Agreements.
This tab allows you to add and/or remove business agreements, as well as to change access rights that the specific user has regarding these agreements.
This window shows the list of business agreements to which the edited user has access rights, as well as the level of these access rights: Read, Create, Update, Delete, and Select All.
Figure 29 Business Agreement Permissions
Add Business Agreements
1. Click Add Business Agreements.
The list of configured business agreements for the current TIBCO BusinessConnect installation is displayed.
2.
3.
Change Permissions
The list of business agreements is displayed, with the user access rights for dealing with these agreements.
Figure 30 Business Agreements Permissions for Users
4.
For an overview of user access rights, see TIBCO BusinessConnect Concepts, "Business Agreements Access Rights."
Again, you can only reduce the level of access rights that the specific user has in dealing with the selected business agreements.
When you select the check box Select All in the category ALL, all permissions will be checked.
Remove a Business Agreement
5.
6. Click Remove.
The business agreement is removed.
Authenticating External Users
To add an authentication source for external users:
1. Expand BusinessConnect > System Settings > User Authentication Configuration.
2. In the External tab, configure settings as explained in Table 27.
1. Click Add.
2. In the type list, select the source type with which the external user will be authenticated:
LDAP: If the LDAP server is selected, proceed with configuring its settings as described in Editing LDAP Connection.
BC Database: This is the internal TIBCO BusinessConnect database.
3.
5. Click Done.
Editing LDAP Connection
If you select the LDAP server as the authentication source, enter information as described in Table 18.
Removing Users
You can remove any of the users from this list by checking the user check box and then clicking Delete.
Searching for Users
Use the Search (use * for wildcard) function to search for the users that are not displayed on the list.
