AppNote: Letting Users Modify Personal Attributes
Novell Cool Solutions: AppNote
By Mark Hinckley
Digg This -
Posted: 11 May 2005
Sometimes it would be nice to allow users to modify some of their own personal information attributes themselves, rather than requiring an admin person to change these values for them. For example, I could let my end users modify their own Telephone Number, Fax Number, and Room Number attributes.
These are the basic tasks that will make this happen:
- Task 1: Enable "[This]" to display in iManager.
- Task 2: Grant rights for users to modify the desired attributes.
- Task 3: Create a custom iManager plug-in for the user to modify these attributes.
- Task 4: Create a custom task to modify the specific user attributes.
- Task 5: Reset the rights for this task.
- Task 6: Restrict the buttons users will see in iManager.
Each of these tasks is described in this AppNote.
Task 1: Enable [This] to display in iManagerTo enable [This],
- Click the iManager Configure button (man behind desk)
- Expand the iManager Server Role
- Click the Configure iManager task
- Click the Misc tab.
- Check the Enable [this] box (if not already checked)
- Click Save.
Figure 1 - Enabling [This] in iManager
Task 2: Grant rights for users to modify the desired attributes.
First you need to decide at what level you want to grant these rights. Your choices are: the container(s) where all users reside; the container that is the root of the subtree where users reside; or, most convenient, the root of the tree (or the top Organization object), if all other containers are below that point. Rights will be granted to the attributes at the Tree root object in this example.
- Click the Roles and Tasks button (backwards D), expand the Rights role, then click the Modify Trustees task.
- Enter a string value or use the browse button to select your tree name (or whatever context you decided upon), then click OK.
- If [This] does not already show up as a trustee name, then click the Add Trustee button, select [This] and click OK.
- Click the Assigned Rights link on the line with [This].
- If the properties you want to give all users rights to on their own object are not present already, then click Add Property. In this example we want Telephone Number, Fax Number, and roomNumber properties.
- In the pop-up dialog box check the "Show all properties in schema" box, then scroll down to select the property you want to give rights to. For example, to grant rights to Telephone number, select the Telephone Number property.
- Click OK.
- If it didn't already exist, a new line will appear for Telephone number, with the Compare and Read rights boxes checked. Check the Write right box and the Inherit box at the end of the line. You can leave Read and Compare checked or remove it, because the Write right gives these rights automatically.
- Repeat steps 5 through 7 for any other properties you want to allow users to edit. For this example, I have added Facsimile Telephone Number and roomNumber to the list also. Note that the initial lower case properties appear after all the initial upper case properties.
- If no Trustee rights previously existed for [This], then the process of adding the initial trustee automatically added two ACLs for [All Attributes Rights] and [Entry Rights]. After you have created and saved the needed specific ACLs for the attributes you want, you should delete these two automatically defined ACLs, as they are not needed, and may grant more rights that you want to give in your tree. Check the box at the beginning of the line for these two entries, and Click the Delete button.
- Click Done.
- Click OK or Apply on the Modify Trustees page to save you changes.
Figure 2 - Modifying Trustees
Figure 3 - Modifying Trustees, continued
Figure 4 - Adding properties
Figure 5 - Deleting automatic ACLs
Users now have rights to modify these attributes on their own objects. To make changes, users will need access to a tool, such as "User Administration for <tree>" from the Novell Client icon in the task bar. Then, selecting the Work Information option will display a dialog box with Telephone number and Fax number, and a user can click Edit to modify those values.
If the user has access to ConsoleOne or NWAdmin, he can now use those utilities to modify only those attributes (assuming no other rights have been granted to the user). If iManager is run in unrestricted mode, users can access their own objects and modify the attributes they have rights to, including any special properties such as the roomNumber, by using the Other section from the General Tab.
Task 3: Create a custom iManager plug-in for the user to modify these attributes
ConsoleOne or NWAdmin may not be your preferred method for users to access the specific attributes you have in mind. They mostly deal only with a fixed set of attributes. You can also enable other predefined attributes, such as roomNumber, or use other custom defined attributes of your own. To do this, you grant rights to those attributes (Tasks 1 and 2) and then create a custom iManager Plug-in for your users to access these attributes.
Creating custom plug-ins requires that Role Base Services (RBS) be configured in iManager. You cannot do this from the Unrestricted access mode. If you haven't configured RBS, you must do that first. The rest of the instructions here presume that RBS is already configured.
To create a custom Role for the custom task to reside under,
- Access the Configuration page (click the "man behind the desk" button).
- Expand the Role Base Services role.
- Click RBS Configuration.
- Click the collection name (default name: Role Based Services 2.<context>). The Role tab is highlighted by default.
- Click New.
- Select iManager Role. The Create Role Wizard then starts.
- Fill in the name for your role (for example, User Information) and fill in the description box if desired.
- Click Next.
- Click Next.
- Click Next.
- In the Name field, type or browse to the container where the user objects are contained. My users are in the Users.Acme container, so that is what I am going to select. If you have users in multiple containers, you will need to repeat this line for each container where the users are.
- In the scope field, enter the same container name again.
- Click Add to create a new line at the bottom of the screen with the Name and scope you just entered. This will determine which users will be able to see the Role in iManager and where the Role will be effective.
- Leave the Assign Rights and Inheritable boxes checked and click Next.
- Click Finish on the next page and click OK on the page following that. This brings you back to the list of Roles on the Collection page.
Figure 6 - Creating a custom role
Figure 7 - Naming the role
This screen (Step 2) is for assigning tasks to this role. We will skip that for now.
This screen (Step 3) is for assigning a category. You can create a new one, but it is easier to pick one that already exists. For this example, I will choose Users and Groups at the bottom of the scroll-down list.
This screen (Step 4) is for assigning the members and scopes. This is where we will assign the task we will create shortly to the users.
Figure 8 - Assigning members and scopes
Task 4: Create a custom task to modify the specific user attributes
- Click the Task tab. Click New and select iManager Task (or click the Plug-in Studio task under the Role Based Services task in the left column - both will generate the same thing).
- In the Plug-in Properties section, enter the name of the task in the Plug-in ID field. I am going to call my task "User editable info."
- In the RBS Collection box, browse to the collection object, typically "Role Based Service 2.<context>".
- In the Role box, browse to the role you created above (it will be below the Collection container object).
- Click the Advanced link just below the Role name. A pop-up box with Advanced Properties appears.
- Clear the check box next to "Allow multiple object editing" to ensure that users can only select a single object at a time.
- Click OK.
- In the attributes box, scroll down to the first attribute you want to access in this plug-in (such as Facsimile Telephone Number).
- Double-click the default MV String Editor control. A line appears in the Plug-in Fields section with the name of the attribute and the edit box for it. The button with the magnifying glass is the Control Properties button.
- To change the display name for this attribute to Fax Number, click that button and fill in the preferred name in the Custom Label field.
- Click OK.
- To include the roomNumber attribute in the plug-in, select it and choose the same MV String Editor control.
- Use the properties button and change the name to Office Location.
- Click OK.
- To allow users to edit Telephone Number, select this attribute. A new value will appear in the list of edit methods. Since this Attribute has a well-known syntax, iManager provides a special editor function if you want to use it.
- To use the special editor, double click the Phone Editor control. This puts an edit line in the Plug-in fields box with a sample phone number in the format that will be enforced when the data is entered. Here you can change the name and phone number format if you want to.
- To see what the actual task will look like when a user accesses it, select the Preview function at the top of the screen. This will display a new window with your task in it. It is live, and you can test and make changes with your task.
- If it meets your expectations, close the Preview window and proceed to the next step. Otherwise, go back and make changes as needed.
- Click the Install function at the top of the screen.
- Click OK. You have now created and installed the task.
Figure 9 - Creating a custom task
You are now in the Create iManager Task wizard.
For this example, leave the first page defaults, and click Next. This is the page to define your custom task.
Figure 10 - Setting advanced properties
Figure 11 - Selecting an attribute in the Plug-in Studio
Figure 12 - Setting control properties
Figure 13 - Adding an edit method (Plug-in Field)
Figure 14 - Previewing the task
Task 5: Reset the rights for this task
- Go to the Edit Member Association task under Role Based Services in the left column.
- Select the same container name where you assigned the Role above. The role you created earlier will be there, with the Assign Rights and Inheritable boxes checked.
- Uncheck the Assign Rights box, which will also uncheck the Inheritable box.
- Click OK twice. This removes the rights for this task that would otherwise grant every user the right to modify every other user's set of attributes defined in this task.
We will rely on the Tree rights we assigned earlier to give each user the rights to modify their own attributes. We must go through the step of first granting rights, then removing them, because one other ACL will be left behind that will tell iManager that the users can have the role and task when they log in. Otherwise, the users would see no roles and tasks at all.
Figure 15 - Editing member association
Task 6: Restrict the buttons users will see in iManager (optional)
The task creation is now complete. You can stop here, or take it one step further, and remove the extra buttons from the top of the iManager page, so users are limited to just the Roles and Tasks page and can't go to the other pages at all.
- Go to the Views role, and select the iManager Views task.
- In the object name box, enter or browse to the same container the users are in that we used above.
- Click OK. This brings up the views page and allows you to either show or hide any of the buttons at the top of the page. To display only the Roles and Tasks button, set that one to Show and all the others to Hide.
- Clear the check box for Read parent container.
- Click OK twice, and you are finished.
Figure 16 - iManager views
Users can now access the iManager URL, and they will see only the task to modify their own personal data. They will be able to browse and see other users, but unless additional rights have been granted, even though the edit boxes will appear for the attributes defined in this plug-in, users will not see any data. They will only be able to see and modify their own data.
Figure 17 - User-editable information
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com