Configure the networking feature by profile type
Edit settings in profiles-policy.xml to configure the networking feature according to profile type.
Before you begin
To edit configuration files, use the IBM WAS wsadmin client. See Starting the wsadmin client for information about how to start the wsadmin command-line tool.
About this task
When networking is enabled, users can invite other users to join their network. In this release of IBM Connections, the networking feature is enabled by default and you cannot disable it. However, you can configure access control settings for the feature according to profile type.
Procedure
The following steps provide information about the properties for the networking feature, and the access levels and scopes that you can configure.
- From the dmgr host:
cd $DMGR_PROFILE/bin
./wsadmin.sh -jython
execfile("profilesAdmin.py")If prompted to specify a service to connect to, type 1 to pick the first node in the list. Most commands can run on any node. If the command writes or reads information to or from a file using a local file path, pick the node where the file is stored.
Check out profiles-policy.xml:
ProfilesConfigService.checkOutPolicyConfig("<working_directory>", "<cell_name>")where:
- <working_directory> is the temporary working directory to which the configuration XML and XSD files will be copied. The files are kept in this working directory while you make changes to them.
- <cell_name> is the name of the IBM WAS cell hosting the Profiles application. This argument is required.
For example:
ProfilesConfigService.checkOutPolicyConfig("/wsadminoutput", "jdoe30Node02Cell")
Open profiles-policy.xml using a text editor, from the temporary directory to which you checked it out. Edit the following properties for the networking feature as needed.
profile.colleague
This property is always set to enabled to ensure that users are always able to see their possible colleagues. You cannot set the property to disabled. However, you can use the profile.colleague.connect access scope to control who can invite the user to be a colleague.
profile.colleague.connect
Controls user access to invite people to join their network.
Access levels for this property can be defined using one of the following scopes:
- none. No one can invite a user with the specified profile type to join their network. If the user has an existing network of colleagues, it is not available.
Note: Setting the scope to none does not make a user's network read-only. If you need to lock the state of a user, note that users can still remove contacts from their network when you set the scope to none.
- person_not_self. Only users with the person J2EE role can invite users with the specified profile type to join their network. The profile owner cannot invite themselves to join their own network.
Note: If resourceOwner is specified on the access check, the resource owner constraint must also be met, unless the user has the admin role.
For example:
<feature name="profile.colleague"> <profileType type="default" enabled="true"> <acl name="profile.colleague.connect" scope="person_not_self" /> </profileType> <profileType type="contractor" enabled="true"> <acl name="profile.colleague.connect" scope="none" /> </profileType> <profileType type="visitor" enabled="false"> <acl name="profile.colleague.connect" scope="none" /> </profileType> </feature>The code sample above enables the networking feature for users with the default profile type, and enables only users with the person J2EE role to invite the profile owner to join their network. Networking is also enabled for the contractor profile type, although no one can invite contractor users to join their network. Networking is disabled for users with the visitor profile type.
Save your changes and check profiles-policy.xml back in using the following command:
ProfilesConfigService.checkInPolicyConfig()
To exit the wsadmin client, type exit at the prompt. Stop and restart the Profiles server.
Parent topic
Configure features by profile type
});