0

i have applied access roles for primary views and the access roles are assigned to groups.

ISSUE: i have page to add/remove users from those active directory groups, and i can verify from active directory that user was added/removed from group, but the user still see the old pages he was assigned to.

I noticed that the access roles is refreshed when i restart the websphere server that has the content engine.

please advise how to fix this issue.

UPDATE: my content engine server cache configuration

enter image description here

ᄂ ᄀ
  • 5,669
  • 6
  • 43
  • 57
Mahmoud Saleh
  • 33,303
  • 119
  • 337
  • 498

1 Answers1

1

FileNet Workplace relies on Content Engine API regarding information about directory users/groups. Content Engine has server cache where information retrieved from directory server is stored. It might be that changes that you made in AD are not reflected there (yet). The easiest way to fix this is to restart Content Engine.

You can also adjust corresponding TTL entires in Content Engine configuration:

enter image description here

enter image description here

The workplace users/groups cache is managed by Cached Memory Timeout in process engine as mentioned here http://pic.dhe.ibm.com/infocenter/p8docs/v4r5m1/index.jsp?topic=%2Fcom.ibm.p8.doc%2Fpe_help%2Fadmin_hb%2Fwfa_user_cache.htm and the minimum time is one hour.

Mahmoud Saleh
  • 33,303
  • 119
  • 337
  • 498
ᄂ ᄀ
  • 5,669
  • 6
  • 43
  • 57
  • what configuration i need to change to make the groups changes reflects shortly in workplace ? – Mahmoud Saleh Oct 02 '13 at 09:48
  • You need change PrincipalCacheEntryTTL (the value is in seconds). Please note that Workplace itself might also cache information about access roles - I am not aware if it really does. – ᄂ ᄀ Oct 02 '13 at 10:01
  • i cant't find PrincipalCacheEntryTTL property in my content engine server cache configuration. – Mahmoud Saleh Oct 02 '13 at 10:19
  • those are the following configuration properties i see in server cache tab: http://pic.dhe.ibm.com/infocenter/p8docs/v4r5m1/index.jsp?topic=%2Fcom.ibm.p8.doc%2Fce_help%2Faboutem%2Faem_em_properties_server_cache_tab.htm – Mahmoud Saleh Oct 02 '13 at 10:29
  • Not all entries are directly available for editing through Server Cache tab. This setting is editable through Subsystem configuration. I added one more image to the answer. – ᄂ ᄀ Oct 02 '13 at 10:33
  • above solution worked very fine with groups related to document classes in content engine, but this doesn't affect on access roles groups, any ideas about that ? – Mahmoud Saleh Oct 02 '13 at 11:20
  • i think that the workplace cache is managed by `Cached Memory Timeout` in process engine as mentioned here http://pic.dhe.ibm.com/infocenter/p8docs/v4r5m1/index.jsp?topic=%2Fcom.ibm.p8.doc%2Fpe_help%2Fadmin_hb%2Fwfa_user_cache.htm – Mahmoud Saleh Oct 02 '13 at 12:16
  • No ideas except enabling debug logging for Workplace application and studying Workplace.log. I don't think Workplace access roles are in any way related to PE settings. This setting would only affect log on to PE. – ᄂ ᄀ Oct 02 '13 at 13:59
  • it's actually the Cached Memory Timeout in the process engine configuration, i tested it, and the minimum time is one hour. – Mahmoud Saleh Oct 03 '13 at 06:51