Using different Portal Role Files

Portal Roles only control what is visible in portal so you should be able to change the portal role without affecting anything contained in the RM.

Do you need specific instructions for changing this field?

Thanks matt.

I know how to change it on an individual record in Lawson Security. What I am hoping is that there is a way I can utilize Mass Assignment in RM to change multiple users at once. However, I am unable to come up with a way (other than naming each individually) to select the multiple users on whose profile I want to change this value.

Have you ever done anythign similar to this?

Do you know of a way to create a complex select statement in RM that says if they have Role1 and Role2, but do not have Role3, then add them to the list.

My other thought was to use LDAP Query Browser to identify the users whose roel file I'd like to change to the new ESS-only Portal Role file. But, then I don't know how I could import this into RM after th fact.

Thank you Matt.

One way to do it is to query all the information needed from each user. Save it as a comma delimited file so you can manipulate it in excel. Then create a script to change the csv into the correct format for loadusers and use loadusers to load this information.

That's a lot of work, but one way of doing it.

Thanks Matt.

The problem with that is that our experience has been that although loadusers is a great tool for creating new profiles, it is not so strong for editing existing profiles. it seesm that when we run it to update an existing profile, it overwrites the existing profile information with only the data contained in the new xml file.

So, for example, if we try to update only the portal role file of a user, since there is no role data in the users.xml file, once complete...the userid would have no roles assocated with it because there were none in the user.xml file.

Are we donig somethng wrong? Have you done similar updates and not seen the existing user data overwriitten?

Thank you.

Your observation is correct that is why you would need to dump all the information and reload it. You need to find a way to dump the information from the LDAP, edit what you want to edit, and then use loadusers to reload it.

Unfortunately to my knowledge there is no easy way of doing this.

Just be careful using LDAP browser, but I have done this so many times. When you search using LDAP Browser return only the zzlwsnattrPortalRole attribute, after that you can export the file and save it to your Desktop, edit the file using a text editor and make the necessray changes, you can use the LDAP browser again to import the file back.

Arvin Ojales

..or before using the LDAP browser, if you can query the users that you want to change, you can use the RM Administrator and run a 'Mass Assignment' under Tools.

I use apache directory studio. I dump ldap make changes by find and replace and reload the ldap.

I also made sure of a few things for scanning or grouping for mass changes. for instance groups, roles and the portal profile I spent time figuring out how I wanted it all to come together.

We just went live on 90 security. Because I took my time understanding groups w/bookmarks, portal profiles and roles. It is a breeze to make mass changes.

Thank you for your replies. I still have a couple of additional questions though. I hope you wouldn't mind providing additional repsonses...

1.) When you use the loadusers utility, how do you do so without updating the passwords? If I am able to do this, I don't want to have to reset all the individual's passwords in the process.
2.) (fred.kobos) You stated that mass-assignment in RM is easy to use. I agree, when you can easily identify who you want to change. My problem is in identifying who needs the desired changes. I'd like to do two things, first, remove a particular role from almost everyone's profile and second, change multiple user's portal role files based on their degree of usage of portal functionality. Any tips/tricks on how to identify these users "easily"?

Thank you all once again for sharing your experiences with me!