I wanted to change the security settings on anmySQL-based database and followed the instructions in the users guide, using the admin account role, and specifying the IJC user database template. This works fine, but I noted that once I log back in as myself, none of the views (grids, forms) that I had access to before changing the security settings were visible anymore. The only way to make them accessible is by having the admin account share these with other users. I wonder if this is meant to be like this, since you recommend that once the security settings have been succesfully changed that the admin account should be removed.
In addition, I wonder if the IJC security settings take priority over any permissions that have been granted on the mySQL administration level. What is the recommended strategy?
Yes, views belong to the individual user, so that the user can make changes to the view, even in a read-only security environment. Probably the best solution is to copy the views you need from the admin user to the new user (user the 'Copy view from other user' option in the new view dialog). Sharing them is also a possible solution, but may be less desirable in this case as you would need to keep the admin user.
Any security settings you make at the database (MySQL) level will override those set by IJC. For instance if you were to set up a user to have read-write access but used a MySQL user account that only had read-only access then IJC would try to behave in a read-write manner, but write operations would fail at the database level, which would not be what was wanted.
There is some imformation on the security settings here:
Thanks Tim, this was helpful. I was actually under the impression that I had to create the user accounts first at the mySQL level, but that does not appear to be necessary when using the IJC user database template.
One note though: the admin user account works but the admin user as such is not visible among the list of users. So how do I remove the admin user? Is this the same admin user as the one in mySQL?
IJC uses a single MySQL account for the database connection. This is distinct from the IJC users that you define. In IJC all users typcially use this single database connection information.
The admin account in IJC is nothing to do with the MySQL admin account. To remove the IJC admin account when using DB based authentication you need to edit the XML configuration for the security and delete the line towards the bottom that looks like this:
But before you remove it make sure you have created an account that has all roles, and have tested that this user works correctly. You will need this user once you delete the admin account.
More details are described here: