IBM Connections – Restricting the Community Types Users can create

A while ago we had a requirement to restrict the Community types users can create, in the following I will describe how you can do that. First of these settings are primarily managed in “communities-policy.xml”, you must do the following steps to check the file out and be able to edit it.

  • Start the “wsadmin” command tool and give yourself the administration rights.

./wsadmin.sh -lang jython -username wasadmin -password <password>

execfile(“communitiesAdmin.py”)

  • Check out the “communities-policy.xml” configuration file.

wsadmin>CommunitiesConfigService.checkOutPolicyConfig(“/data/tmp”,”ic-cell01″)

  • Navigate to the folder where you have extracted the community configuration files and open “communities-policy.xml” file in your preferred editor.

Going through the Configuration file you will get the idea what you can do. But simply editing the file won´t get the job done, we also need to make use of the “Security role to user/group mapping” in Websphere console. We will get to that towards the end. Being the case that we cannot create additional user roles in WAS, we must make use of what we have offered, so in the example bellow we will make use of the “Reader” Role in Community application.

    The plan was to allow all users to create only Restricted Communities and grant the “Power Users” the ability to create Restricted and Moderated Communities, “Global” Community Administrators will still have the right to create all types of Communities, including Public Communities. In order to do that you have to take the following steps.

  • Add the following lines under <comm:policy>, Reader section:

<comm:permission class=“com.ibm.tango.auth.permission.CommunityManagementPermission”communityType=“private”action=“create”/>

  • And comment out the following lines in the Community Creator Role section (using “<!–” and “–>”):

<!– <comm:permission class=”com.ibm.tango.auth.permission.CommunityManagementPermission” communityType=”public” action=”create” /> –>

Screenshot of the Configuration file: 

  • Save the changes and check the configuration files back in.

CommunitiesConfigService.checkInPolicyConfig()

  • After that, make sure that the WebSphere Nodes are Synchronized.
  • Change the Security role to user/group mapping.

By using the following settings all Users will be allowed to create Restricted and Moderated Type of Communities.

By mapping the “Special Subjects” to “None” and setting a desired User Group for “community-creator” role, we can achieve the desired settings.

After clicking the “OK” button, the application should be restarted automatically, so you do not have to restart it manually, but keep that in mind, because your users will not be able to access Communities during restart. After doing so, we should have the following result, all users can create Restricted Communities:

Power Users have additionally the ability to create Moderated Communities:

This is just one of the possibilities you have, you could for example also manipulate the configuration file to take away the ability for all users to create Restricted Communities.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s