Updating user roles on Apache Tomcat after upgrading

After you reinstall or upgrade Rational® Publishing Engine, update the user roles for connecting to the remote services that are deployed to Apache Tomcat.

About this task

Table 1. Remote services user roles
Role Capabilities
Document generation user (rpe_docgen_user)
  • Can generate documents remotely or locally from the client applications
  • Can view output files and logs about their document generation jobs
Document generation administrator (rpe_docgen_admin)
  • Can generate documents remotely or locally from the client applications
  • When used with the rpe_monitor_admin role, can view output files and logs from the document generation jobs initiated by any user
Central Management component user (rpe_library_user)
  • Can view public assets from the Document Studio application
  • Can use public assets to design templates
Central Management component contributor (rpe_library_contributor)
  • Can view assets from the Document Studio application
  • Can use assets to design templates
  • Can submit assets from the Document Studio application
  • Can modify their existing assets from the Document Studio application
Central Management component administrator (rpe_library_admin)
  • Can view the assets that are created by any user from the Document Studio application
  • Can use assets that are created by any user to design templates
  • Can submit assets from the Document Studio application
  • Can modify the existing assets that are created by any user from the Document Studio application
  • Can create assets in the Central Management component administrative user interface
  • Can modify existing assets that are created by any user from the Central Management component administrative user interface
  • Can remove assets created by any user from the Central Management component administrative user interface
Monitor & Control component user (rpe_monitor_user)
  • Can change the state of their document generation jobs
  • Allows their document generation jobs to be monitored by users with the rpe_monitor_admin role
Monitor & Control component administrator (rpe_monitor_admin)
  • When used with the rpe_docgen_admin role, can view output files and logs from the document generation jobs initiated by any user
  • Can change the status of the document generation jobs initiated by any user

Procedure

  1. Open the Apache Tomcat Manager in a browser: http://server:port/manager/html. Example: http://localhost:8080/manager/html.
  2. Stop the deployed Web Services application. In the Applications section, locate the rpews.war application row and click Stop.
  3. Create Apache Tomcat users and roles for the Monitor & Control component.
    1. Open the tomcat-users.xml file, which is located by default in $CATALINA_HOME\conf\tomcat-users.xml.
    2. Add the user, contributor, and administrator roles for the services you are using.
      Tip:
      • See the table in the About this task section above for descriptions of each role.
      • For added security, create more than one client user and give only one the rpe_docgen_user role. The document generations that users create might contain confidential data. By creating two types of users, you can ensure that only users who have permission to view the result outputs can view them.
      <role rolename="rpe_docgen_admin" />
      <role rolename="rpe_docgen_user" /> 
      <role rolename="rpe_library_user"/>
      <role rolename="rpe_library_contributor"/>
      <role rolename="rpe_library_admin"/>
      <role rolename="rpe_monitor_user"/>
      <role rolename="rpe_monitor_admin"/>
    3. Add at least one administrator and assign the administrator both the administrator and the user roles for the services you are using. Example:
      <user username="rpe_admin" password="password" roles="rpe_docgen_admin,rpe_library_admin,rpe_monitor_admin"/>
    4. Add at least one client user. Assign the client user the user roles for the services you are using. Example:
      <user username="rpe_client" password="password" roles="rpe_docgen_user,rpe_library_user,rpe_monitor_user"/>
      <user username="rpe_contributor" password="password" roles="rpe_docgen_user,rpe_library_contributor,rpe_monitor_user"/>
    5. Optional: Add additional client and contributor users. Example:
      <user username="user1" password="password" roles="rpe_docgen_user,rpe_library_contributor,rpe_monitor_user"/>
  4. Start the Web Services application. In the Applications section of the Apache Tomcat Manager, locate the rpews.war application row and click Start.

Feedback