Bumping this; I didn't hear anything back when I posted the message below, about a week and a half ago. Also, I've since discovered that my Shib-backed account doesn't appear to have any privileges at all; in spite of having all the permissions boxes checked, I still don't have access to any VM images or to any but the most basic elements of the UI. What did I miss?
This is on VCL 2.2.1. Thanks, -m On Fri, Aug 24, 2012 at 01:54:42PM -0500, Michael Jinks wrote: > I just got back around to trying Josh's instructions for giving my Shib > user account admin rights: > > On Wed, Aug 22, 2012 at 11:29:54AM -0400, Josh Thompson wrote: > > > > Michael, > > > > Probably the simplest thing to do is to add your shibboleth based user > > to the adminUsers group directly in the database. Here's what to do: > > > > 1) get the id of your user: > > SELECT id, unityid FROM user WHERE unityid = 'your_user_id_here'; > > 2) note the returned id > > 3) get the id of the adminUsers group: > > SELECT id FROM usergroup WHERE name = 'adminUsers'; > > 4) note the returned id > > 5) add a record to the usergroupmembers table: > > INSERT INTO usergroupmembers > > (userid, usergroupid) VALUES > > (id_from_step_2, id_from_step_4); > > > > Then, your shibboleth account should have admin access (assuming you > > left the adminUsers group having admin access). > > The good news is that (with some help from our IDM folks) I have Shib > working for my devel VCL instance, and my account is logged in currently. > > The bad news is that I still don't have admin rights. The only > navigation links on the VCL page are "HOME", "New Reservation", "Block > Allocation", "User Preferences", "Statistics", and "Logout". > > Not sure if this is relevant or not, but when I did step 1 above, I got > two records back instead of one: > > +----+---------+ > | id | unityid | > +----+---------+ > | 6 | mjinks | > | 10 | mjinks | > +----+---------+ > > When I tried to add them to the adminUsers group, I found that id 6 was > already there, probably as a result of my previous efforts to get this > working. I added id 10 as well, but that didn't make any difference. > > I'm able to use the "Logout" button and log back in as a local admin, > thank goodness... When I go to the "Privileges" page, I find that > "Cascade to Child Nodes" is set for the adminUsers@Local group, and > permissions there are a Christmas tree, all boxes checked. > > Any idea what else I might have missed? > > Thanks as always. > > --Michael -- Michael Jinks :: [email protected] :: 773-469-9688 University of Chicago IT Services
