<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">Roles assigned to repositories or OUs are on top of the application roles (admin, user, developer, analyst, etc) so to be able to logon to kie-wb you’ll need to have one of the application roles and then roles specific to repository and/or OU. <div>There is a mechanism to map different application roles but they are global to installation of kie-wb meaning that whenever you change it it will apply to all OUs and repositories on given instance of kie-wb.</div><div><br></div><div>So to make it to work make sure that your users are assigned to one or more application roles (admin, user, developer, analyst) and it should work just fine.</div><div><br></div><div>Maciej<br><div><div>On 24 sie 2014, at 07:52, Zahid Ahmed <<a href="mailto:zahid.ahmed@emirates.com">zahid.ahmed@emirates.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div style="font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;">HI Alex,<br><br>The issue is still not resolved. And my real problem is how to associate my custom roles to permissions (Kindly refer to below example and attachment in last reply.)<br><br>I have created custom roles and assigned those roles to user in user manament db. Then I assigned the new custom roles to the Organizational Units (OUs), one OU per project.<br><br>Kindly see attachment for clarification.<br><br>And I created following custom roles<br>*Project A and OU A*<br><br>*Custom Role: Permission*<br>cs_A_admin Can Create, Can deploy, Can delete, Can view<br>cs_A_developer Can Create, Can delete, Can View, Can Update<br>cs_A_analyst Can Create, Can View, Can Update<br>cs_A_business Can View<br><br>*Project B and OU B*<br>*Custom Role: Permission*<br>cs_B_admin Can Create, Can deploy, Can delete, Can view<br>cs_B_developer Can Create, Can delete, Can View, Can Update<br>cs_B_analyst Can Create, Can View, Can Update<br>cs_B_business Can View<br><br><br>My question is where to map role and permissions ? where to do these configurations. CLI tool help does not say anything about this.<br><br>*Custom Role: Permission*<br>cs_admin Can Create, Can deploy, Can delete, Can view<br>cs_developer Can Create, Can delete, Can View, Can Update<br>cs_analyst Can Create, Can View, Can Update<br>cs_business Can View<br><br>Authorization_Issue_2.png<br><<a href="http://drools.46999.n3.nabble.com/file/n4030691/Authorization_Issue_2.png">http://drools.46999.n3.nabble.com/file/n4030691/Authorization_Issue_2.png</a>> <br><br><br><br>--<br>View this message in context: <a href="http://drools.46999.n3.nabble.com/BRMS-6-Access-Permissions-Configuration-Not-Restricting-Custom-Roles-tp4030679p4030691.html">http://drools.46999.n3.nabble.com/BRMS-6-Access-Permissions-Configuration-Not-Restricting-Custom-Roles-tp4030679p4030691.html</a><br>Sent from the Drools: User forum mailing list archive at <a href="http://Nabble.com">Nabble.com</a>.<br>_______________________________________________<br>rules-users mailing list<br><a href="mailto:rules-users@lists.jboss.org">rules-users@lists.jboss.org</a><br>https://lists.jboss.org/mailman/listinfo/rules-users<br><br>_______________________________________________<br>rules-users mailing list<br><a href="mailto:rules-users@lists.jboss.org">rules-users@lists.jboss.org</a><br><a href="https://lists.jboss.org/mailman/listinfo/rules-users">https://lists.jboss.org/mailman/listinfo/rules-users</a></div></blockquote></div><br></div></body></html>