...
Note |
---|
Note: adding the “Administrator” privilege to the new CAME profile is insufficient for creating new CAME profiles or generating/re-generating activation codes for existing CAME profiles. |
The following sections explain:
Adding a 2FA admin account to an existing CAMIS Profile.
Checking what 2FA Admin profiles exist already.
Troubleshooting your existing CAMIS profile.
To add 2FA Admin to an existing profile.
Use the connection corresponding to development, acceptance or production as follows:
For development: connect using TWOFA@TTSXD18
For acceptance connect using TWOFA@TTSXA18
For production: Connect using TWOFA@TTSXP18
Get next value from sequence:
SELECT AC040_STAKEHOLDER_ID_SEQ.nextval FROM dual;
**This will be used as theSTAKEHOLDER_ID
Create a record in the
TWOFA.AC040_STAKEHOLDER
table
**Note: GLOBAL_USERID_LBL is just a random string of 12 alphanumeric characters. You can use sites like https://privacycanada.net/strong-password-generator/ to generate the stringCode Block language sql INSERT INTO TWOFA.AC040_STAKEHOLDER (STAKEHOLDER_ID, STAKEHOLDER_TYPE_CD, NAME_FIRST_NM, NAME_LAST_NM, STAKEHOLDER_CREATED_ID, GLOBAL_USERID_LBL, USER_LAST_UPDATE_ID) VALUES (:stakeholder_id, 1, 'First Name', 'Last Name', 1, :12_chars_alphanumeric, 1);
Create a record in
TWOFA.AC043_INTERNAL_STAKEHOLDER
Code Block language sql INSERT INTO TWOFA.AC043_INTERNAL_STAKEHOLDER VALUES (:stakeholder_id, 1, :12_chars_alphanumeric, 1, :tc_user_id, SYSDATE, NULL, SYSDATE, 1);
Connect the CAMIS environment, using CAMIS_DATA_ADMIN@CAMISPADMIN, to the corresponding to where the twofa updates are being made.
Copy the string fromTWOFA.AC040_STAKEHOLDER.GLOBAL_USERID_LBL
into the CAMIS databaseCAMIS.AA008_APPLICATION_USER.TWOFA_USERID_LBL
for the newly created TWOFA accountCode Block language sql UPDATE CAMIS.AA008_APPLICATION_USER SET TWOFA_USERID_LBL = :12_chars_alphanumeric WHERE TC_USER_ID = :tc_user_id;
APPLICATION_CD to use in the script provided in this step
Dev: 4
Acc and Prod: 1
Create a record inTWOFA.AC002_XREF_APPLICATION_USER
with the following standard valuesCode Block language sql INSERT INTO TWOFA.AC002_XREF_APPLICATION_USER (STAKEHOLDER_ID, APPLICATION_CD, ROLE_CD, STAKEHOLDER_CREATED_ID, USER_LAST_UPDATE_ID) VALUES (:stakeholder_id, 4, 2, 1, 1);
Info |
---|
APPLICATION_CD Dev: 4 |
...
Example of adding 2FA admin access to a production account.
User: Michelle Le (LEMI)
Code Block | ||
---|---|---|
| ||
--TWOFA@TTSXP18 SELECT AC040_STAKEHOLDER_ID_SEQ.nextval FROM dual; INSERT INTO TWOFA.AC040_STAKEHOLDER (STAKEHOLDER_ID, STAKEHOLDER_TYPE_CD, NAME_FIRST_NM, NAME_LAST_NM, STAKEHOLDER_CREATED_ID, GLOBAL_USERID_LBL, USER_LAST_UPDATE_ID) VALUES (2491, 1, 'Michelle', 'Le', 1, 'J5MBODB0SAJM', 1); INSERT INTO TWOFA.AC043_INTERNAL_STAKEHOLDER VALUES (2491, 1, 'J5MBODB0SAJM', 1, 'LEMI', SYSDATE, NULL, SYSDATE, 1); --CAMIS_DATA_ADMIN@CAMISP UPDATE CAMIS.AA008_APPLICATION_USER SET TWOFA_USERID_LBL = 'J5MBODB0SAJM' WHERE TC_USER_ID = 'LEMI'; --TWOFA@TTSXP18 INSERT INTO TWOFA.AC002_XREF_APPLICATION_USER (STAKEHOLDER_ID, APPLICATION_CD, ROLE_CD, STAKEHOLDER_CREATED_ID, USER_LAST_UPDATE_ID) VALUES (2491, 1, 2, 1, 1); |
...
Run the query below using the TWOFA connection for the environment that you would like to check:
For Development, the APPLICATION_CD =4; for Acceptance and Production use APPLICATION_CD =1
Code Block | ||
---|---|---|
| ||
-- Find all users who have CAMIS 2FA admin accounts SELECT s.STAKEHOLDER_ID, ins.TC_USERID_LBL, s.NAME_FIRST_NM, s.NAME_LAST_NM, s.ACCOUNT_LOCKED_IND, s.GLOBAL_USERID_LBL, ins.CERTIFICATE_DN_NM FROM AC040_STAKEHOLDER s JOIN AC043_INTERNAL_STAKEHOLDER ins ON s.STAKEHOLDER_ID = ins.STAKEHOLDER_ID and TC_USERID_LBL is not null JOIN AC002_XREF_APPLICATION_USER au ON au.STAKEHOLDER_ID = s.STAKEHOLDER_ID and au.APPLICATION_CD = 4 -- eMER DEV. For Acc and Prod the APPLICATION_CD = 1 and au.ROLE_CD = 2 -- Admin WHERE s.STAKEHOLDER_TYPE_CD = 1 -- Internal user ; |
...
b) the following script can be used to check your 2FA admin account.
c) verify that the folder “TC_Directory” is present. If the TC_Directory folder is missing, users with Admin access will not be able to generate new activation codes or add internal CAME users in CAMIS via the
ADMIN → User Admin menu.
Code Block | ||
---|---|---|
| ||
select
AC040_STAKEHOLDER.STAKEHOLDER_ID AS "AC040_STAKEHOLDER.STAKEHOLDER_ID",
AC040_STAKEHOLDER.STAKEHOLDER_TYPE_CD AS "AC040_STAKEHOLDER.AC040_STAKEHOLDER.STAKEHOLDER_TYPE_CD", -- should be 1.
AC040_STAKEHOLDER.NAME_FIRST_NM AS "AC040_STAKEHOLDER.NAME_FIRST_NM",
AC040_STAKEHOLDER.NAME_LAST_NM AS "AC040_STAKEHOLDER.NAME_LAST_NM",
AC040_STAKEHOLDER.ACCOUNT_LOCKED_IND AS "AC040_STAKEHOLDER.ACCOUNT_LOCKED_IND", --should be 0
AC040_STAKEHOLDER.GLOBAL_USERID_LBL AS "AC040_STAKEHOLDER.GLOBAL_USER_ID_LBL",
AC040_STAKEHOLDER.DATE_DELETED_DTE AS "AC040_STAKEHOLDER.DATE_DELETED_DTE", --should be NULL/empty
AC043_INTERNAL_STAKEHOLDER.CERTIFICATE_DN_NM AS "AC043_INTERNAL_STAKEHOLDER.CERTIFICATE_DN_NM", --should be the same as the GLOBAL_USER_ID_LBL in AC040_STAKEHOLDER
AC043_INTERNAL_STAKEHOLDER.TC_USERID_LBL AS "AC043_INTERNAL_STAKEHOLDER.TC_USERID_LBL", --user's network id
AC043_INTERNAL_STAKEHOLDER.DATE_DELETED_DTE AS "AC043_INTERNAL_STAKEHOLDER.DATE_DELETED_DTE", --ahould be NULL/empty
AC002_XREF_APPLICATION_USER.APPLICATION_CD AS "AC002_XREF_APPLICATION_USER.APPLICATION_CD", --should be 1.
AC002_XREF_APPLICATION_USER.ROLE_CD AS "AC002_XREF_APPLICATION_USER.ROLE_CD", --ahould be 2.
AC002_XREF_APPLICATION_USER.DATE_EXPIRY_DTE AS "AC002_XREF_APPLICATION_USER.DATE_EXPIRY_DTE", --should be NULL/empty
AC002_XREF_APPLICATION_USER.DATE_DELETED_DTE AS "AC002_XREF_APPLICATION_USER.DATE_DELETED_DTE" --should be NULL/empty
from
(((AC040_STAKEHOLDER
inner join AC043_INTERNAL_STAKEHOLDER on AC040_STAKEHOLDER.STAKEHOLDER_ID = AC043_INTERNAL_STAKEHOLDER.STAKEHOLDER_ID)
inner join AC002_XREF_APPLICATION_USER on AC040_STAKEHOLDER.STAKEHOLDER_ID = AC002_XREF_APPLICATION_USER.STAKEHOLDER_ID))
where AC040_STAKEHOLDER.STAKEHOLDER_ID = <stakeholder_id>; -- replace <stakeholder_id> with your stakeholder_id from AC040
|
Info |
---|
Set up 2FA PROD account by directing inserting GCkey MBun info (this below script is provided by Michelle Le) → if we want the access to eMER prod as CAMIS admin |
...
|
...
AC040 |
...
|
...