Setting user roles for external collaboration
Assign the EMPLOYEE_EXTENDED role to internal users who are allowed to create content that is visible to external users.
You must start the wsadmin client and load profilesAdmin.py in order to run the commands that set user roles. See Starting the wsadmin client and Running Profiles administrative commands for more information.
The user whose role you set must be registered with Profiles via IBM® Tivoli® Directory Integrator.
By default, internal users cannot create contents that are visible to external users. However, to create contents that can be seen by external users (such as VISITOR role), an internal user (such as EMPLOYEE role) must be assigned with the EMPLOYEE_EXTENDED role. Users with this role can then designate Communities, Activities, and Files as visible to known external users.
Internal users with EMPLOYEE_EXTENEDED role, can share and collaborate with external users if they are members of these designated Communities and Activites. Additionally, internal (EMPLOYEE role) users can update and comment on Files shared with external users.
Note: To remove the EMPLOYEE_EXTENDED role from a user, assign the EMPLOYEE role or the DEFAULT_ROLE role to that user. See Profiles administrative commands for more information about roles and the commands that you use for setting roles.
-
Set a role for an individual user.
You can identify the user with an email address or with an external ID.
Option Description ProfilesService.setRole(String user_email_addr, String role) Set the role using an email address.
```ProfilesService.setRole("ajones277@example.com", EMPLOYEE_EXTENDED)
setRole Command processed user role 'employee.extended' for user ajones277@example.com|
|**ProfilesService.setRoleByUserId\(String user\_external\_id, String role\)**|Set the role using an external ID.<br>
ProfilesService.setRoleByUserId("8e88c240", EMPLOYEE_EXTENDED)
setRole Command processed user role 'employee.extended' for user 8e88c240```
Notes:
1. You can use the getMemberExtIdByEmail("email") or getMemberExtIdByLogin("login") commands to retrieve the external ID of a user. For more information about these commands, see Synchronizing user data using administrative commands
2. Although the ID is shown here as an 8 digit hexadecimal number, an ID can be any format, such as a GUID. For example, "ec8a89c0-f41d-102c-9b60-f225bc6c4af4".|
-
Set the same role for multiple users.
Assign the same role to a set of users by listing either user IDs or email addresses in a text file.
-
role: The role to assign to each user in the list.
- filename: The name of the text file that contains the list of users. The file must be locally accessible from the client environment.
**Note:** If you are processing several hundreds of users, create several files and run them in separate commands. |**Option**|**Description**| |----------|---------------| |**ProfilesService.setBatchRole\(String role, String filename\)**|Assign the specified role to each user whose email address is listed in the text file. The text file must contain one valid email address per line.<br>```ProfilesService.setBatchRole(EMPLOYEE_EXTENDED, "profiles-roles-by-email.txt") setBatchRole request processed Command processed user role 'employee.extended' for users [ JonesA377@example.com, JohnSmith4@example.com, JaneR@example.com ]```| |**ProfilesService.setBatchRoleByUserId\(String role, String filename\)**|Assign the specified role to each user whose ID is listed in the text file. The text file must contain one valid user ID per line.<br>```ProfilesService.setBatchRoleByUserId(EMPLOYEE_EXTENDED, "profiles-roles-by-userid.txt") setBatchRole request processed Command processed user role 'employee.extended' for users [ 8d579540, 110f82c0, 5876de62, 5426de62 ]```<br>**Notes:**<br>1. You can use the getMemberExtIdByEmail\("email"\) or getMemberExtIdByLogin\("login"\) commands to retrieve the external ID of a user. For more information about these commands, see *Synchronizing user data using administrative commands*<br>2. Although the IDs are shown here as 8 digit hexadecimal numbers, an ID can be any format, such as a GUID. For example, ec8a89c0-f41d-102c-9b60-f225bc6c4af4.|
What to do next
Run one of the following commands to find out which role is assigned to a user.
-
Retrieve the role that is associated with a user's email address by running the command
ProfilesService.getRoles(String user_email_addr)
.ProfilesService.getRoles("aalain@example.com") [employee]
-
Retrieve the role that is associated with a user's directory ID by running the command
ProfilesService.getRolesByUserId(String user_external_id)
.ProfilesService.getRolesByUserId("ec8a89c0-f41d-102c-9b60-f225bc6c4af4") [employee.extended]
Parent topic: Managing external user access
Related information