LQE Access Control Configuration

Overview

When integrating SECollab with IBM Lifecycle Query Engine (LQE), it is important to control which ELM users can access SECollab content through LQE. The SECollab Process data source exposes all projects in SECollab, so administrators must configure appropriate access restrictions.

Prerequisites

Before configuring permissions, ensure that:

• Both SECollab AM and Process TRS feeds are registered in LQE
• LQE has completed initial indexing of SECollab resources
• You have administrator access to LQE

Configuration Steps

1. Identify Exposed Projects

1. Navigate to the LQE administration interface at https://<lqe_host_name>:<port>/lqe/web/admin
2. Go to Access Control > Permissions
3. Expand the "SECollab Process Resources (TRS 2.0)" node to view all exposed SECollab projects
4. Review the list of projects that will be accessible through LQE

2. Create User Groups

The recommended approach involves creating separate ELM user groups for each exposed SECollab project:

1. Navigate to Access Control > User Groups
2. Click Add a new group
3. Enter a descriptive name that clearly identifies the SECollab project (e.g., "SECollab - Project Alpha Users")
4. Optionally add a description
5. Save the user group
6. Repeat for each SECollab project that requires access control

3. Assign Project Access to User Groups

1. Return to Access Control > Permissions
2. Expand the "SECollab Process Resources (TRS 2.0)" node
3. Select a SECollab project from the list
4. Click Add groups...
5. Select the corresponding user group created in step 2
6. Save the changes
7. Repeat for each SECollab project

4. Add Users to Groups

1. Navigate to Access Control > User Groups
2. Select a user group
3. Click Add a new user...
4. Enter the ELM user ID of the user who should have access to the corresponding SECollab project
5. Save the changes
6. Repeat for all users who need access
7. Repeat for all user groups

Result

Once configured, ELM users will have access to SECollab projects through LQE based on their user group membership. Users can only query and view data from SECollab projects for which they have been granted access.

Best Practices

• Mirror SECollab Permissions: Align LQE user groups with SECollab's existing project permissions to maintain consistency
• Regular Audits: Periodically review user group memberships to ensure they remain current
• Naming Conventions: Use clear, consistent naming conventions for user groups to simplify administration
• Documentation: Maintain documentation of which user groups correspond to which SECollab projects

Troubleshooting

Users cannot see expected SECollab data:

• Verify the user is added to the correct user group in LQE
• Confirm the user group is assigned to the appropriate SECollab project in LQE permissions
• Check that the SECollab Process feed is active and up to date in LQE

Projects not appearing in Permissions:

• Ensure the SECollab Process TRS feed is properly registered in LQE
• Verify LQE has completed indexing the Process feed
• Check that the OAuth credentials are valid and the connection to SECollab is active