drewkoenig

RCM Portal Configuration

Discussion created by drewkoenig on Apr 23, 2012
Latest reply on May 3, 2012 by Chris_Hackett

By deafult the RCM portal is wide open. Eventually you want to lock it down, at a minimum remove the Administration tab. The RCM documentation is very vague on how to do this. It mentions that the setting exist in the Eurekify.cfg file but has no reference to what each element in the portal is called.

To get the details you need to do some hunting but I will post the core elements for the portal to make it easier.

The file that contains all the portal elements is located in eurekify-jboss\conf\ and is called portal-structure.xml (this is not in the documentation)
Going through the XML strucuture you come up with the page elements that are then used to grant access to.

Here they are in the format for the Eurekify.cfg.
================================
[HomePage.*]

[TmsSystem.InboxTasks]
[TmsSystem.MyRequests]
[TmsSystem.DefaultTickets]
[TmsSystem.Tickets]
[TmsSystem.DelegationPage]

[SelfService.manageTeamRoles]
[SelfService.manageSelfRoles]
[SelfService.manageTeamResources]
[SelfService.requestNewRole]
[SelfService.requestUpdateRole]

[EntityBrowser.*]

[Dashboard.ConfigurationDashboard]
[Dashboard.AuditcardDashboard]
[Dashboard.ComplianceDashboard]
[Dashboard.FlowDashboard]
[Dashboard.RolesCoverageDashboard]
[Dashboard.OldDashboard]

[Reports.ConfigReports]
[Reports.PrivilegesQualityMangement]
[Reports.RoleManagement]
[Reports.PolicyManagement]
[Reports.Campaigns]

[Administration.NewCampaign]
[Administration.SetCampaign]
[Administration.AdminFlows]
[Administration.CampaignAdministration] (more submenus)
[Administration.ScheduledTasksPage]
[Administration.TxLogPage]
[Administration.Cache]
[Administration.raci]
[Administration.accounts]
[Administration.UniversesSettings]
[Administration.Settings]
[Administration.Checkup]
[Administration.Supportability]
[Administration.BPRPolicy]
[Administration.ExtractRdb]
[Administration.JCSAdminUI]
================================

To enable security you need to turn off the security disable, which is backawards.
In the settings through the portal change sage.security.disable from true to false (recycle the JBOSS instance)

Then go into the Eurekify.cfg from the database. You will need to goto File > Review Database and make Eurekify.cfg writeable, by default it's locked. In this config you should see the users you loaded from the universe(s) and can create various roles for access. Be cautious on how granular you get, you can shoot your self in the foot by making it too locked down. If you do, and I did, you can go into the SQL DB directly and manually reset the security settings, AD Auth back to what they were if you can't get into the portal or to the Settings to reset them back.

Also, from my experience thus far, you need to recycle the JBOSS service when you change the Eurekify.cfg.

Outcomes