Attribute permissions

The XML files on disk are not used at run-time. They are only there

as a reference if one would ever want to revert back to the original values.

To change the permissions on the iwtUser-role attribute, use the admin console,

select the appropriate domain, role, or user profile, select the User component

and click the "Show Read/Write Permissions" radio button. You can then enable

write permission.

Keep in mind that if a user can change their role, they can change it to the

admin role and thereby get permission to change anything.

Tom

Super-User wrote:

>

> Hi,

>

> based on the iPlanet knowledgebase I tried to set a user profile

> via the dynamic profile servlet, however this fails due to

> an error:

> com.iplanet.portalserver.profile.ProfileException: Permission denied in

> setting attributes or privileges

>

> This is what I did:

>

> Profile p = sess.getUserProfile();

> p.setAttributeString("iwtUser-role",rolename,Profile.NEW);

>

> I modified /etc/opt/SUNWips/xml/iwtUser.xml so that iwtUser-role

> now has

> <iwt:Att name="iwtUser-role"

> desc="Users Role"

> type="string"

> idx="u12"

> userConfigurable="TRUE">

> <Rperm>ADMIN</Rperm><Rperm>OWNER</Rperm>

> <Wperm>ADMIN</Wperm><Wperm>OWNER</Wperm>

> </iwt:Att>

>

> I restarted the server afterwards

>

> Anything I forgot?

>

> thanks

>

> Bob

708768 at 2007-6-29 2:29:50 >