IBM Connections – Restricting the Community Types Users can create

A while ago we had a requirement to restrict the Community types users can create, in the following I will describe how you can do that. First of these settings are primarily managed in “communities-policy.xml”, you must do the following steps to check the file out and be able to edit it.

  • Start the “wsadmin” command tool and give yourself the administration rights.

./wsadmin.sh -lang jython -username wasadmin -password <password>

execfile(“communitiesAdmin.py”)

  • Check out the “communities-policy.xml” configuration file.

wsadmin>CommunitiesConfigService.checkOutPolicyConfig(“/data/tmp”,”ic-cell01″)

  • Navigate to the folder where you have extracted the community configuration files and open “communities-policy.xml” file in your preferred editor.

Going through the Configuration file you will get the idea what you can do. But simply editing the file won´t get the job done, we also need to make use of the “Security role to user/group mapping” in Websphere console. We will get to that towards the end. Being the case that we cannot create additional user roles in WAS, we must make use of what we have offered, so in the example bellow we will make use of the “Reader” Role in Community application.

    The plan was to allow all users to create only Restricted Communities and grant the “Power Users” the ability to create Restricted and Moderated Communities, “Global” Community Administrators will still have the right to create all types of Communities, including Public Communities. In order to do that you have to take the following steps.

  • Add the following lines under <comm:policy>, Reader section:

<comm:permission class=“com.ibm.tango.auth.permission.CommunityManagementPermission”communityType=“private”action=“create”/>

  • And comment out the following lines in the Community Creator Role section (using “<!–” and “–>”):

<!– <comm:permission class=”com.ibm.tango.auth.permission.CommunityManagementPermission” communityType=”public” action=”create” /> –>

Screenshot of the Configuration file: 

  • Save the changes and check the configuration files back in.

CommunitiesConfigService.checkInPolicyConfig()

  • After that, make sure that the WebSphere Nodes are Synchronized.
  • Change the Security role to user/group mapping.

By using the following settings all Users will be allowed to create Restricted and Moderated Type of Communities.

By mapping the “Special Subjects” to “None” and setting a desired User Group for “community-creator” role, we can achieve the desired settings.

After clicking the “OK” button, the application should be restarted automatically, so you do not have to restart it manually, but keep that in mind, because your users will not be able to access Communities during restart. After doing so, we should have the following result, all users can create Restricted Communities:

Power Users have additionally the ability to create Moderated Communities:

This is just one of the possibilities you have, you could for example also manipulate the configuration file to take away the ability for all users to create Restricted Communities.

Advertisements

Engage 2019 – Part Two – Notes 11, Future of Connections and more!

After the exciting first two days, we continued at the same pace, the first sessions started at 8 o´clock. So after grabbing a few cafe cups and making some hard decisions on which Sessions to visit, I started going toward the presentation rooms. Just like in the previous post, I will list the Sessions I have visited and add some Information, which from my perspective is most important.

IBM Engagement Center Quickstart: Get your first Intranet pages up and running in minutes – by Martti Garden

In this Session, Martti unleashed the full power of ICEC and showed some tips and tricks, like resizing YouTube videos automatically, in order to “rock” any Connections Environment.

Notes 11 – by Ram Krishnamurthy

This got pretty interesting, by the way, as you can imagine, the room was completely full. Ram presented us the new Notes 11 Client. The Session consisted from three parts, first we got to see what HCL is striving to Achieve with the new release. We basically got a glimpse of how it should look at the end.

After that, we got to see the current state of the pre Beta release.

After the Design was presented, Ram explained us some technical differences and improvements which are going to be available on the new Notes 11 client.


IBM Connections: The Future is Bright – by Danielle Baptiste and Martti Garden

In this Session Danielle confirmed that HCL is going to continue to invest into Connections Platform, because of a strategic importance for HCL. Martti also showed us some new features which are going to come with the new CR Releases, like Integration with Slack! We also got to see what is coming with Connections 6.0 CR5, which is going to be released in the next two weeks. After the CR5, we should get at least two more CR Updates this year.

Domino on Docker Bootcamp – by Daniel Nashed and Thomas Hampel

Interested in running Domino (including Traveler) on Docker!? If that´s the case, then this was the session to be. Daniel and Thomas explained everything you need to know to “kick-start” your Domino deployment on Docker.

Domino and SSO – New Ways for secure collaboration – Round Table by Daniele Vistalli

In this Round Table Daniele presented his own Application/Solution for generating SSO Tokens, meant for environments or Use Cases where you can’t use SAML. The application is great, it is based on Domino and it shows just how versatile the platform is.

IBM Connections Customizer – Have it Your Way! – by Miki Banatwala

Miki showed us the true power and flexibility of IBM Connections Customizer. What I liked the most was the possibility to show different content based on different user groups.

Sadly could not visit all Sessions, every track had at least two or three sessions which were interesting to me, so it was always a tough call which session to choose.
Like always, the organization of the Conference was brilliant, many thanks to Theo!

IBM Connections – How to change Personal Notification Preferences for all Users

You may find yourself in a situation where you need to change the personal IBM Connections E-Mail Notification Settings for all Users. IBM Connections Users have the following options to choose from:

17_49_39-Email Notifications

There is a set of Default Settings which is applied to every user, as soon as the TDI-Sync runs, and the user is created in a database. So, the first thing to do, is to change these default settings. The official documentation does a pretty good job explaining the possibilities you have here, like Locking the User Notification Preferences, and the steps needed to apply the changes, so I won´t go in greater detail on those here. It is important to keep in mind, except if you are not “locking” the preferences, the preferences on Email notifications will only be set automatically for users which are created in Connections, as a result of the TDI Assembly Line, after you make those changes. In order to test the modifications made, you could use the “Restore Defaults” option on the Notification Preferences page.

But changing the default settings will not have any impact on the existing users, to change the notification options for them, you need to take a different approach.

I wanted to change the notification settings for all Users to “No Email”, but still make sure that the users can change those settings if they wish to, so simply locking those settings was not an option. I tried locking the Notification settings for all users to “No Email”, but after removing the lock, the setting would just be reverted to the setting done earlier. It turns out that there is no other possibility than to change the records in the database directly. A word of warning, you should contact the IBM Support before proceeding, because changing the records in the Connections Databases directly is not supported, I also recommend a database backup. 🙂

I am using for IBM Data Studio Software, but any other Database Software which allows you to connect to your type of database will suffice.

The Database Tables in which we need to change the records are “HOMEPAGE.EMD_RESOURCE_PREF” and “HOMEPAGE.EMD_EMAIL_PREFS” (in the HOMEPAGE database), a big thumbs up to Martin Schmidt for saving me countless hours searching for the correct table. Both of these tables have “PERSON_ID” column, so I searched in the “HOMEPAGE.PERSON” table for my test accounts in order to find out the “PERSON_ID” values of these accounts, so I could reproduce the desired state of one account and make sure that the changes made are valid and as I wanted them set. I’ve done that with the following SQL statement:

select *

from empinst.employee

where prof_display_name = ‘Milan Matejic’;

After getting the right “PERSON_ID”, I could check the Records in “HOMEPAGE.EMD_RESOURCE_PREF” and “HOMEPAGE.EMD_EMAIL_PREFS” tables.

— Email Notifications

select *

from homepage.emd_resource_pref

where person_id = ’13a96f01-37d8-4674-ae51-f6d2d19ee8e9′;


— Direct Emails

select *

from homepage.emd_email_prefs

where person_id = ’13a96f01-37d8-4674-ae51-f6d2d19ee8e9′;

The columns we need to change are “SEND_DIRECTED” in “HOMEPAGE.EMD_RESOURCE_PREF” table and “RESOURCE_TYPE” in “HOMEPAGE.EMD_EMAIL_PREFS” table. Setting “SEND_DIRECTED” to ‘0’ will result in deactivating “Receive notifications from other people by email”. For “RESOURCE_TYPE” we have the following options:

‘4’ –> Weekly

‘3’ –> Daily

‘2’ –> Individual

‘1’ –> Deactivated

In my case I wanted to set the notifications to “No Email” for all users, so I went with setting ‘1’ in all rows in the table.

Note: Before making changes for all users, you should make the change just for one test user, to make sure that there are no problems and that your statement is working properly.

I accomplished the task with the following update statements:

—– Update Statement HOMEPAGE.EMD_RESOURCE_PREF

update homepage.emd_resource_pref

set frequency_type = ‘1’

where frequency_type != ‘1’;

—– Update Statement HOMEPAGE.EMD_RESOURCE_TYPE

update homepage.emd_email_prefs

set send_directed = ‘0’

where send_directed != ‘0’;

Before and after running the update statements, you can verify the changes by looking on the number of rows with certain settings:

—- Search for Frequency Type

select *

from homepage.emd_resource_pref

where frequency_type = ‘1’;

—- Search for Send Direct

select *

from homepage.emd_email_prefs

where send_directed = ‘0’;

After running the update statements, just refresh your browser, there is no need to restart any applications or components.

As a bonus, I created an Enhancement Request, so hopefully in future we don’t need to change the database records for this, so please vote for it by accessing the IBM Connections Product Ideas Lab.

IBM Connections Docs – Issue with File Preview in Google Chrome

I recently deployed a new Connections Environment, together with IBM Connections Docs Applications. After the installation I have encountered an issue with a File Preview, some files cannot be viewed in a Google Chrome Browser. Screenshot of the issue:

We could reproduce this issue only with “.doc” and “.docx” files and only in Google Chrome, version 72, where the Preview still works well with other office files like “.ppt” and “.xlsx”. In other Browsers like the newest version of Firefox (65.0.2) and IE, there are no such issues.

It turns out that issue lies with Code in the current Version of Google Chrome, Version 72.0.x, so if you have the possibility, try to delay or stop the update in your environment until there is a solution for this issue. IBM is currently working on a Fix for this Bug, and it may be available as a Fix for IBM Connections Files rather than a IBM Docs Fix, so read the Release notices carefully.

As a workaround you can open the problematic files in “Edit” mode, if you have sufficient access rights, here the contents will be displayed without any issue.

I have deployed IBM Connections 6.0 CR4 and IBM Docs 2.0 CR3 iFix006, but some folks have the same issue also with older Version of IBM Connections and IBM Docs.

IBM Connections Plug-in for Microsoft Outlook – End of Support

There was a lot of speculation recently what happened with “IBM Connections Plug-in for Microsoft Outlook”, it was removed from the Solution Catalog without any Information prior to the removal.

Now it is official, yesterday an official article was published stating that the Plug-in will not be available for download in the Solution Catalog. You will still be able to get it by opening a Case in the IBM Support Portal, until December 31, 2019, bug fixes and security Updates will also be available until this time. For more Information take a look at the official article:

https://www-01.ibm.com/support/docview.wss?uid=ibm10869556&myns=swglotus&mynp=OCSSYGQH&mync=E&cm_sp=swglotus--OCSSYGQH--E

I liked this plug-in and it is a mystery to me why it got removed…

Problems adding Blogs Widget after updating to Connections CR3

I am not 100% sure if this is related to IBM Connections CR3 Update oder WAS 8.5.5 FP14 update. But after I applied both updates, I got the following error in the GUI, when I tried to add the “Blogs” or “Ideation Blogs” widget to a community:

CLFWZ0004E: Event ‘widget.added’ sent to remote lifecycle handler at /blogs/roller-ui/BlogsWidgetEventHandler.do returned bad response: 302 – Found

I was able to solve this issue by mapping the “wasadmin” user to the “reader” role in Blogs “Security role to user/group mapping”. In one Instance I needed to map the “reader” role to the “All Authenticated in Application´s Realm”. Take a look to the Screenshot bellow:

mapping