3 Replies Latest reply on Oct 5, 2016 2:42 PM by Bill Robinson

    BlACLPolicy addpermission question

    Daniel Bousquin

      Hello,

       

      We  had a request to create a role similar to an existing role which has authorizations in many many policies and I have to

      go through add authorizations for this new role into those policies.

       

      I was able to script a list of the needed policies and authorizations needed that I would have to duplicate and I'm using

      this list as input to populate all the policies with the new role authorizations.

       

      This is a snippet of what I have.  I had a few control characters because it is run on windows I had to remove.

       

      INFILE=./blinput.txt

      while IFS=$'\t' read blRole blAuth blPolicy; do

      p2=$(echo $blPolicy | tr -d "\n" )

      p2=$(echo $p2| tr -d "\r" )

      echo "blPolicy:${p2}<"

      echo ">BlRole: ${blRole}< blAuth: ${blAuth}< \n"

      blcli_execute BlAclPolicy addPermission  ${p2}  ${blRole}  ${blAuth}

      done <$INFILE

      bl_disconnect

      echo "Done!"

       

      My results are as follows,

       

      DBKey:SBlAclPolicyModelKeyImpl:2084006-108282055bl

      DBKey:SBlAclPolicyModelKeyImpl:2084006-108282055bl

      DBKey:SBlAclPolicyModelKeyImpl:2084006-108282055bl

       

      But the policies are not updated.

       

      Anyone provide any insight of why the policies are not updating?

       

      thanks

      -Dan

        • 1. Re: BlACLPolicy addpermission question
          Bill Robinson

          sure you are using the right command ?

           

          Command Name : addPermission

          ...

          This command adds a permission entry to the access control list (ACL) controlling access to an ACL policy. A permission consists of a role and an authorization.

           

          -----------

          Command Name : addPolicyPermission

          ....

          This command adds a permission entry to an ACL policy. A permission consists of a role and an authorization. Important: This command is adding a permission to the internal ACL that defines the policy, not to the ACL that controls access to this policy.

          • 2. Re: BlACLPolicy addpermission question
            Daniel Bousquin

            I got the same response with addPolicyPermission.  it returns the DBKey value as specified earlier.

            I've tried it with both the Authorization type and without, same result.

             

            Here is my code.

             

             

            INFILE=./blinput.txt

            while IFS=$'\t' read blRole blAuth blPolicy; do

            p2=$(echo $blPolicy | tr -d "\n" )

            p2=$(echo $p2| tr -d "\r" )

            echo "blPolicy:${p2}<"

            echo ">BlRole: ${blRole}< blAuth: ${blAuth}< \n"

            blcli_execute BlAclPolicy addPolicyPermission  ${p2}  ${blRole}  ${blAuth} system

            done <$INFILE

            bl_disconnect

            echo "Done!"

             

             

            And to clarify, when you open a policy, on the 2nd Tab on the bottom  (Policy Access Control List), This is where I want to add the authorizations

            to this list  ( Shows Role / Authorization / Type ).

            • 3. Re: BlACLPolicy addpermission question
              Bill Robinson

              this works fine:

              blcli_execute BlAclPolicy addPolicyPermission TestPolicy BLAdmins Server.Read system

               

               

              i'd make sure all your text processing is sending the right thing into the command...