18 Replies Latest reply on Apr 28, 2015 10:12 AM by Bill Robinson

    Blcli to delete a role from a user

    Lavanya Bobba

      We have a requirement to remove a list of roles from users.

       

      Is there a blcli to remove a list of roles from a user?

        • 1. Re: Blcli to delete a role from a user
          Bill Robinson

          RBACUser removeRole in a loop.

          • 2. Re: Blcli to delete a role from a user
            Lavanya Bobba

            Thank you Bill for the confirmation. Here is a quick script to read the roles from a list and remove them from users.

            Let me know your thoughts.

             

            roleList=`cat "deleteroles.txt"`
            userlist=`cat "userlist.txt"`
            blcred cred -acquire -profile defaultProfile -i /tech/bladelogic/CustomScripts/Tools/.bladelogic/.user/rbacadmin_info.dat
            blcli_setoption serviceProfileName defaultProfile
            blcli_setoption roleName RBACAdmins
            blcli_connect
            while read rbacUser in "${userlist}"
            do
                 blcli_execute RBACUser isUserExists "${rbacUser}"
                 blcli_storeenv userExists
                 if [[ "${userExists}" = "true" ]]
                      then
                      for roleid in ${roleList//[\[|\]|,]/}
                      do
                        blcli_execute RBACUser getRoles
                        blcli_execute Utility setTargetObject
                        blcli_storeenv roleName
                        blcli_execute RBACUser removeRole "${rbacUser}" "${roleid}"
                        echo "${roleName},${rbacUser} \n">> deletedUsersfromroles.txt
                      done
                 fi
            done < deleteroles.txt

            blcli_disconnect

            • 3. Re: Blcli to delete a role from a user
              Bill Robinson

              what is in the userlist file and the 'deleteroles' file ?

              • 4. Re: Blcli to delete a role from a user
                Lavanya Bobba

                The user list will have the usernames which have roles to be removed.

                deleteroles has the list of all roles that need to be removed.

                • 5. Re: Blcli to delete a role from a user
                  Lavanya Bobba

                  Here is the updated one:

                  for rbacUser in ${userList}
                  do
                  blcli_execute RBACUser findByName $rbacUser
                  blcli_execute RBACUser getRoles
                  blcli_execute Utility setTargetObject
                  blcli_storeenv roleList
                        for roleid in ${roleList//[\[|\]|,]/}
                            do
                              blcli_execute RBACUser getRoles > /dev/null
                              blcli_execute Utility setTargetObject
                              blcli_storeenv roleName
                              blcli_execute RBACUser removeRole "${rbacUser}" "${roleid}"
                              echo "${roleName},${rbacUser} \n">> deletedUsersfromroles.csv
                            done
                  done < deleteroles.txt
                  blcli_disconnect

                  • 6. Re: Blcli to delete a role from a user
                    Bill Robinson

                    in what format?  because it looks like you think it will have [ ] around it ? and then why are you loading the list of roles for the user ?

                    • 7. Re: Blcli to delete a role from a user
                      Lavanya Bobba

                      The format is plain text, and I am loading the list of roles to verify if they exist.

                       

                      When I execute this I get the below error:

                      Command execution failed. com.bladelogic.om.infra.mfw.util.NotFoundException: No user with name TCS10011 was found.

                      Command execution failed. java.lang.Throwable: Command Execution Failed: java.lang.Throwable: Command Execution Failed

                      Command execution failed. java.lang.Exception: No return value present in context

                      Cannot store a failed command result

                      • 8. Re: Blcli to delete a role from a user
                        Bill Robinson

                        yeah - i think you have a lot wrong in your script and i don't know why a lot of it is there...  for example:

                        for rbacUser in ${userList}

                        do

                        ...

                        done < deleteroles.txt

                        -> you are either iterating over the variable ${userList} or you are reading from the deleteroles.txt... not both.

                         

                          for roleid in ${roleList//[\[|\]|,]/}

                        -> you are doing that why?  does rolelist have  [ ] in it ?

                         

                                    blcli_execute RBACUser getRoles > /dev/null

                                    blcli_execute Utility setTargetObject

                                    blcli_storeenv roleName

                        -> why are you doing that?  you don't have a rbacuser object loaded into memory, then you try and run 'getRoles', assuming that even worked you then set the target object to a return that could be multiple objects, and then save that as a variable that indicates you think it's a single name.

                         

                               

                        blcli_execute RBACUser removeRole "${rbacUser}" "${roleid}"

                        -> then you run this bit which doesn't make sense because the command takes the username and role name, not the id...

                         

                        i haven't tested the below but this should be closer.

                        - read the list of users to process out of the userlist file (not the deleteroles file)

                        - for each user see if it exists

                        - if it exists, then iterate over the list of role names to delete and run the command to remove that role from the user.

                         

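                        # Acquire a session credential for the profile from the stored credential file
                        blcred cred -acquire -profile defaultProfile -i /tech/bladelogic/CustomScripts/Tools/.bladelogic/.user/rbacadmin_info.dat

                        blcli_setoption serviceProfileName defaultProfile
                        blcli_setoption roleName RBACAdmins
                        blcli_connect

                        # Outer loop: one user name per line of userlist.txt
                        while read rbacUser
                        do
                             # Store the true/false result of the existence check in userExists
                             blcli_execute RBACUser isUserExists "${rbacUser}"
                             blcli_storeenv userExists
                             if [[ "${userExists}" = "true" ]]
                                  then
                                  # Inner loop: one role name per line of deleteroles.txt
                                  while read roleName
                                  do
                                    blcli_execute RBACUser removeRole "${rbacUser}" "${roleName}"
                                    # This log line is written whether or not removeRole succeeded
                                    echo "${roleName},${rbacUser}">> deletedUsersfromroles.txt
                                  done < deleteroles.txt
                             fi
                        done < userlist.txt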

                        • 9. Re: Blcli to delete a role from a user
                          Lavanya Bobba

                          Bill

                           

                          I am trying to gather bits and pieces of code from different scripts, and it finally became wrong code.

                           

                          I will test your script with a few changes and update you with the results.

                          • 10. Re: Blcli to delete a role from a user
                            Lavanya Bobba

                            @Bill Robinson

                             

                            Here is the script that worked if I give the full user name including domain, e.g. username@@@ad1.prod

                             

                            # Each line of deleteRoles1.csv holds a user name and a role name separated by whitespace
                            while read rbacUser   roleName
                            do
                                 # Store the true/false result of the existence check in userExists
                                 blcli_execute RBACUser isUserExists "${rbacUser}"
                                 blcli_storeenv userExists
                                 if [[ "${userExists}" = "true" ]]
                                      then
                                        blcli_execute RBACUser removeRole "${rbacUser}" "${roleName}"
                                        # Record the user/role pair that was processed
                                        echo "${rbacUser},${roleName}">> deletedUsersfromroles1.csv
                                      else
                                        echo "User Not Exists "
                                 fi
                            done < "deleteRoles1.csv"
                            echo " deleted roles from users"
                            blcli_disconnect

                             

                            Is there a way to have this working with only the username?

                            • 11. Re: Blcli to delete a role from a user
                              Bill Robinson

                              the rbac user name is user@domain.

                              • 12. Re: Blcli to delete a role from a user
                                Lavanya Bobba

                                The input file contains only the user ID, not the full name.

                                 

                                Even though it reads RBACuser, I am getting the below error with only the ID:

                                falseUser Not Exists

                                • 13. Re: Blcli to delete a role from a user
                                  Bill Robinson

                                  right, 'user' is not an rbac object.  user@domain.com

                                   

                                  how are you getting the user list ?

                                  • 14. Re: Blcli to delete a role from a user
                                    Lavanya Bobba

                                    we get the manual user list from auditors in excel file
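
An added example, not part of the thread and not BMC's code: a pre-processing step that cleans a spreadsheet export before it reaches a removal loop like the one in reply 10. It strips the CRLF line endings and stray spaces that spreadsheet exports commonly carry, rejects malformed rows, drops duplicates, and qualifies bare user IDs as user@domain. The comma-separated layout, the function names and the `corp.example` default domain are assumptions; role names in the sample are constructed.

```shell
#!/bin/sh
# Added example: clean an auditor-supplied "user,role" export before it is fed
# to the removal loop. DEFAULT_DOMAIN is a placeholder, not a value from the thread.
DEFAULT_DOMAIN="corp.example"

# Reads "user,role" lines on stdin; prints "user@domain role" lines (the layout
# `while read rbacUser roleName` expects). Rejected lines are reported on stderr.
normalize_pairs() {
    tr -d '\r' | awk -F',' -v domain="${1:-$DEFAULT_DOMAIN}" '
        /^[ \t]*$/ { next }                                   # blank line
        { for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i) }
        NF != 2 || $1 == "" || $2 == "" {
            print "line " NR ": expected user,role" > "/dev/stderr"; next
        }
        $1 !~ /@/ {                                           # bare user ID
            if ($1 !~ /^[A-Za-z0-9._-]+$/) {
                print "line " NR ": unexpected characters in user ID" > "/dev/stderr"
                next
            }
            $1 = $1 "@" domain                                # assumes a single domain
        }
        !seen[$1, $2]++ { print $1 " " $2 }                   # drop duplicate pairs
    '
}

# Constructed sample input: CRLF endings, stray spaces, a blank row, a
# duplicate, an already-qualified name, a short row and a suspicious user ID.
sample_input() {
    printf 'TCS10011,AppRoleA\r\n'
    printf ' TCS10012 , Patching Role \r\n'
    printf '\r\n'
    printf 'TCS10011,AppRoleA\r\n'
    printf 'jdoe@corp.example,AppRoleA\r\n'
    printf 'TCS10013\r\n'
    printf 'bad;id,AppRoleA\r\n'
}

# Demo run: cleaned pairs on stdout, two rejected rows reported on stderr.
sample_input | normalize_pairs
```

Names that already contain `@` pass through unchanged, and the `isUserExists` check in the loop still catches an ID that was qualified with the wrong domain.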
