How do you configure rights for admin to create new workflows?


Is there a way to configure the rights for an admin account to create new workflows in Workflow Builder?

The user must have the LICENSE_IBM_TRIRIGA_Application_Builder license. This license is required to create a new workflow or BO. The core licenses can modify workflows and BOs, but not create new ones.

[Admin: To see other related posts, use the License tag or Workflow tag.]

Continue reading

Advertisements

Can you disable the IBM TRIRIGA “System” account?


We are considering the disabling of the default System account for security reasons. We are currently protecting the account with a long strong password. Does anyone have any experience with this? Is this System account used in internal system processes where disabling it will not work or will wreck havoc on the system?

I don’t think you can “disable” the System account. Typically, what you have done already is as far as most people go. I’ve heard of one company having an executive type in the password and keeping the password secret until it’s needed for some justifiable reason.

Through the application or database, you could populate a random number which then no one would know. But I’d highly recommend taking a copy of your database before you start testing, changing the password, or anything else down that path. You could corrupt the database by trying to disable the System account.

[Admin: To see other related posts, use the Admin Group tag or Password tag.]

Continue reading

Why can’t a non-Admin user see reservable spaces in organization?


We have some reservable spaces with system geography and system organization settings. A non-Admin user also has the same geography settings. There are security groups for reservations, and organizations and geography security groups are assigned to him. The geo and org security groups have the same geo and org as the space and profile. But the non-Admin user still isn’t able to see spaces.

He is only able to see them when the first level of the org hierarchy is provided in the group (i.e. \Organization). But as soon as the second level is given in the group, he isn’t able to see them. Can anyone help me on this? I think there is some issue in the org, but I don’t know exactly where it is.

[Admin: To see other related posts, use the Geography tag or Organizations tag.]

Continue reading

Why do queries that are expected to display data show nothing?


When running queries against records within the application, expected record results are not displayed. Why do queries that are expected to display data show nothing at all?

Within the application, we have a variety of different settings that can restrict a user’s access to record data. The user’s Security Group can restrict access to records at the module and BO level, but each use case is slightly different. 

Within every user-facing record, on the System tab, there are fields for System Organization, System Location and System Geography. These values operate in conjunction with similar fields on the Security Group and the User’s People record to allow and restrict access to records. 

The key is that as soon as the user is given a defined Organization, Location, and Geography, the fields on the System tab of their People record are populated. Once that happens, each record they create will be seeded with that information as well. So far, all is well and good, but those users who lack similar settings are now unable to see those newly created records, unless their System fields are the same as or located at a higher point in the hierarchy.

Another area to consider is the Security Group settings for Organization and Geography. If a user has no values set on their People record, the application can still restrict access by using the Security Group values. This can cause a problem as the Organization and Geography Security is defaulted to null in the as-shipped application. This essentially gives the security code no starting point for determining access and will not display records.

To recap, if the record data does not align with the data in the user’s People record, or the data in the user’s Security Group, the record will not be displayed. As mentioned, there are a couple of things to look for. As an Admin user, compare the user’s record data with the record that should be displayed, and correct any misaligned data. Also, in the Security Group, set the Organization and Geography to the root of each hierarchy by default. For additional details, please review the following TRIRIGA wiki article: Security Overview.

Continue reading

How do you report a triProperty with more than one triBuilding?


I have a few questions from our customer about TRIRIGA reports:

  • Question 1: We want to create a report to show the triProperty which has more than one triBuilding as children. By using an association filter, we can only show the triProperty which has at least one triBuilding. By using a summary report, we can group by triProperty to show the number of triBuilding it has, but we can’t add another criterion based on the “Number” column. So, both two solutions above don’t work.
  • Question 2: How can we do something like a “left join” in a multiple-BO report? We have noticed that the behavior of multiple BOs in a report acts more like an “inner join” query. The filter based on the secondary BO will also impact the primary BO result. Do you know any way to get a “left join” result in TRIRIGA?
  • Question 3: How can we share a list of reports with users who are members of a specified security group? Our customer doesn’t want to grant the access of the “My Report” application for those groups, and they would like a solution that is more dynamic than adding those reports into the portal of the user. I don’t know if there is way to do this. Can the Admin user define a favorite list for the end users?

[Admin: To see other related posts, use the Reports tag or My Reports tag.]

Continue reading

Why can’t “Create” state transition be triggered through OSLC?


I have an issue where it is not possible for non-Admin users to trigger the Create state transition through our OSLC interface. Instead, we get the following error:

2017-06-27 13:08:10.301 UTC ERROR [com.tririga.platform.integration.oslc.OslcRequestDispatcherImpl](Default Executor-thread-34280) Failed to read message: null
2017-06-27 13:08:10.301 UTC ERROR [com.tririga.platform.integration.oslc.OslcRequestDispatcherImpl](Default Executor-thread-34280) Exception in OSLC call: com.tririga.platform.integration.oslc.OslcException. message=java.lang.ClassCastException: com.tririga.platform.metadata.domain.BoStateTransitionId incompatible with com.tririga.platform.metadata.domain.gui.GuiStateTransitionMetadata

The fact that I am able to create and associate the record using an Admin user says to me that this is related to permissions, but I’ve made sure that the user has full security access for both the BO/form it is trying to create, the BO/form that it is attaching it to, and all other BOs/forms that are associated to it, and it still gives me the error above.

When I open the created record that my Admin user created, it looks to be correct. But when I open the one that the non-Admin user tried to create, it shows an empty record. None of the fields are saved in a null state, which of course is because it didn’t get created, the Create state transition was not triggered. Any idea of what is causing this issue? And how to resolve it?

[Admin: To see other related posts, use the OSLC tag.]

Continue reading

Why aren’t capital projects viewable by non-Admin users?


We have some capital projects created, and they are viewable only when logged in as an Admin-level person. But as non-Admins, we are unable to view the projects. If we login as a non-Admin and click on the magnifying glass, a query comes where no projects are shown in searching for it. It’s no use whether I select company-level or project-level. Any clues on access? Or how a non-Admin can see the projects?

Were the non-Admin user groups added to the Security tab of the project?

[Admin: This post is related to the 02.13.17 post about project context and security. To see other related posts, use the Admin Group tag.]

Continue reading