As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.
Join the TIBCO Community TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.
From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
Request access to the private WebFOCUS User Group (login required) to network with fellow members.
Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.
Is it possible after I have done mapping Group from Microsoft AD to one of my group in Security Center and then resign a user to different group and login as new group, or remove that user from AD group without using AD.
Example:
Group_A(WF) Mapped to Manager(AD group) Group_A contain following users: - Max - Alex - Maria - Sopphia
above listed users are created by AutoAdded, and wanted to move Alex to new Group_B which is NOT mapped to AD.
I am able to add Alex to Group_B via Security Center, but I can not remove Alex from Group_A due to mapped to AD, so when Alex login, he still in Group_A and I don't want Alex no longer to see or belong to Group_A.
My objective is to MOVE a user that was in AD to another group in WebFOCUS without using or touch AD. Reason for this is some other application may mapped to AD in the same time, therefore, WebFOCUS should not change users in groups in AD but can be redefine to a new group in WebFOCUS ONLY.
I was think about an idea that force Alex to login as new group ONLY.
Any suggestion?This message has been edited. Last edited by: nox,
WebFOCUS AD integration was designed so all security can be managed by AD and not require security administrators to have to process authentication/authorization requests in more than one place. So if a user is part of a AD group mapped to WebFOCUS the only way to remove them from that group is via AD. WebFOCUS can not touch the AD definitions which is a good thing. Once you use AD group mapping it should be done across the board so in your case Alex should just be defined to an AD group mapped to Group_B from the get go.
Thank you for using Focal Point!
Chuck Wolff - Focal Point Moderator WebFOCUS 7x and 8x, Windows, Linux All output Formats
Posts: 2127 | Location: Customer Support | Registered: April 12, 2005
Usually there is only one AD Domain in a Company, and a Company may use several tools or applications that are mapped to AD for easier security management, but some applications may be different role for a same user. Therefore, AD usually will mapped to most important Application( SSO portal or Critical System), but due to some tools like WebFOCUS may be a different role than AD, but in same time would like to have mapped to AD to avoid most of User creation in WebFOCUS(making none sense to create same user twice in AD and WebFOCUS, worst if there is more other like WebFOCUS). Maybe this request might be one of feature in the future?
Assuming that actually not all AD user have access to WF, can you have different AD group specially defined for WF ?
Or you can defined internal WF security groups where you then assign users where you want. I understand that you need to manage users also in WF but only the group(s) where they belong to. And further more, it may only be for exception users such as Alex. All others may be assigned to the default group where no maintenance is required. I think that this may be your best option.
WF versions : Prod 8.2.04M gen 33, Dev 8.2.04M gen 33, OS : Windows, DB : MSSQL, Outputs : HTML, Excel, PDF In Focus since 2007
Posts: 2409 | Location: Montreal Area, Qc, CA | Registered: September 25, 2013