I just got back around to trying Josh's instructions for giving my Shib
user account admin rights:

On Wed, Aug 22, 2012 at 11:29:54AM -0400, Josh Thompson wrote:
> 
> Michael,
> 
> Probably the simplest thing to do is to add your shibboleth based user
> to the adminUsers group directly in the database.  Here's what to do:
> 
> 1) get the id of your user:
>    SELECT id, unityid FROM user WHERE unityid = 'your_user_id_here';
> 2) note the returned id
> 3) get the id of the adminUsers group:
>    SELECT id FROM usergroup WHERE name = 'adminUsers';
> 4) note the returned id
> 5) add a record to the usergroupmembers table:
>    INSERT INTO usergroupmembers
>    (userid, usergroupid) VALUES
>    (id_from_step_2, id_from_step_4);
> 
> Then, your shibboleth account should have admin access (assuming you
> left the adminUsers group having admin access).

The good news is that (with some help from our IDM folks) I have Shib
working for my devel VCL instance, and my account is logged in currently.

The bad news is that I still don't have admin rights.  The only
navigation links on the VCL page are "HOME", "New Reservation", "Block
Allocation", "User Preferences", "Statistics", and "Logout".

Not sure if this is relevant or not, but when I did step 1 above, I got
two records back instead of one:

 +----+---------+
 | id | unityid |
 +----+---------+
 |  6 | mjinks  |
 | 10 | mjinks  |
 +----+---------+

When I tried to add them to the adminUsers group, I found that id 6 was
already there, probably as a result of my previous efforts to get this
working.  I added id 10 as well, but that didn't make any difference.

I'm able to use the "Logout" button and log back in as a local admin,
thank goodness... When I go to the "Privileges" page, I find that
"Cascade to Child Nodes" is set for the adminUsers@Local group, and
permissions there are a Christmas tree, all boxes checked.

Any idea what else I might have missed?

Thanks as always.

--Michael
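
Added example, not part of the original message and not the VCL project's own code: the quoted steps 1 to 4 combined into one read-only query that lists every `user` row for a login name next to its adminUsers membership, which covers the case above where step 1 returns more than one row. It uses only the tables and columns named in the quoted steps; the column aliases are assumptions for illustration, and `your_user_id_here` and `id_from_step_2` are the placeholders from those steps.

```sql
-- Added example: membership check built only from the tables and columns
-- named in the quoted steps (user, usergroup, usergroupmembers).

-- Steps 1-4 in one query: one output row per matching user row and
-- adminUsers group row. member_of_adminUsers is 1 when a usergroupmembers
-- record already links the two, 0 when it does not.
SELECT u.id    AS userid,
       u.unityid,
       g.id    AS usergroupid,
       (m.userid IS NOT NULL) AS member_of_adminUsers
FROM user u
JOIN usergroup g
       ON g.name = 'adminUsers'
LEFT JOIN usergroupmembers m
       ON m.userid = u.id
      AND m.usergroupid = g.id
WHERE u.unityid = 'your_user_id_here'
ORDER BY u.id, g.id;

-- Step 5, guarded: insert the membership for one chosen user id only if it
-- is not already present, so re-running it cannot create a duplicate record.
INSERT INTO usergroupmembers (userid, usergroupid)
SELECT u.id, g.id
FROM user u
JOIN usergroup g
       ON g.name = 'adminUsers'
LEFT JOIN usergroupmembers m
       ON m.userid = u.id
      AND m.usergroupid = g.id
WHERE u.id = id_from_step_2      -- placeholder: replace with the numeric id
  AND m.userid IS NULL;
```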
