7 Replies Latest reply on Jun 5, 2011 7:45 PM by Joshua Skirde

    Script to create users and roles in 8.x

      Has anyone already created a script to add users and roles to BMC BladeLogic 8.x?  I have a lot of users and roles to add to a new environment.


      Thanks,
      Michael

        • 1. Re: Script to create users and roles in 8.x

          I think Bill has a script that will take it in from an spreadsheet. It should be the same command set for 7.x as it is for 8.x for just roles and users.

          • 2. Re: Script to create users and roles in 8.x
            Bill Robinson

            It's still a work in progress. It's meant to be a complete acl template, folder, role,user, etc creation script...

            • 3. Re: Script to create users and roles in 8.x
              sawai singh

              hi bill , do u have that script , if yes could you please share it.

              • 4. Re: Script to create users and roles in 8.x

                This script snippet may help, it takes input of a csv file


                #todo: setup blcli connection

                BLCLI="echo blcli "

                while read LINE ; do

                    echo LINE: $LINE
                NAME=`echo $LINE | awk -F"," '{print $1}'`
                echo NAME $NAME

                DESCRIPTION=`echo $LINE | awk -F"," '{print $2}'`
                echo DESCRIPTION $DESCRIPTION

                PASSWORD=`echo $LINE | awk -F"," '{print $3}'`
                echo PASSWORD $PASSWORD

                ROLE1=`echo $LINE | awk -F"," '{print $4}'`
                echo ROLE1 $ROLE1

                ROLE2=`echo $LINE | awk -F"," '{print $5}'`
                echo ROLE2 $ROLE2

                ROLE3=`echo $LINE | awk -F"," '{print $6}'`
                echo ROLE3 $ROLE3

                #Check that name, password are not empty

                if [ "x$NAME" = "x" ] ; then
                  echo error no name found in $LINE
                  continue
                fi

                if [ "x$PASSWORD" = "x" ] ; then
                  echo error no password found in $LINE
                  continue
                fi

                echo

                $BLCLI RBACUser createUser $NAME $PASSWORD "$DESCRIPTION"

                if [ "x$ROLE1" = "x" ] ; then
                  continue
                fi

                $BLCLI RBACUser addRole $NAME $ROLE1

                if [ "x$ROLE2" = "x" ] ; then
                  continue
                fi

                $BLCLI RBACUser addRole $NAME $ROLE2

                if [ "x$ROLE3" = "x" ] ; then
                  continue
                fi

                $BLCLI RBACUser addRole $NAME $ROLE3


                done < users.csv

                • 5. Re: Script to create users and roles in 8.x
                  sawai singh

                  thanks buddy, very helpful, am looking for the script which can also create roles and assign authrization profile to role some thing that specific.

                  • 6. Re: Script to create users and roles in 8.x

                    Hi Bill,

                    I'm integrating BBSA into an exisiting environment with 6000+ servers (heterogeneous - all types).

                    We have 50-100 different groups managing these servers and have decided to use roles to segregate the authority, eg: Group1 has a role Group1 and ACL Policy Group1 applied to all their targets.

                     

                    The blcli RBACRole feature is lacking the createRole option - this is going to severely hamper efforts to automate the creation of new support groups via script.

                     

                    I read in another communities thread (~ 2006) that createRole was an unreleased or undocumented feature with an example using blcli -D<java class> and also in the thread above that the script to do-it-all® was in progress at May 2010 (one year ago!!).

                     

                    Can you update us on where the script is at, and/or how we could find and use the elusive blcli RBACRole createRole feature?

                     

                    Edit

                    I now find out that not only am I prevented from creating roles, but that I also cannot apply Authorization Profiles either to ACL Policies or ACL Templates with blcli

                     

                    TGIF

                     

                    Message was edited by: Simon Marko

                    • 7. Script to create users and roles in 8.x
                      Joshua Skirde

                      Hi Simon,

                       

                      RBACRole createRole is available in BBSA 8.1. As you have indicated it's an unreleased command in 8.0.

                       

                      You can use BlAclTemplate addTemplatePermissionProfile in 8.0 to add an AuthProfile to an ACL Template.

                       

                      ACLPolicies do not contain AuthProfiles. Whilst you can add them from the GUI, they are actually expanded to the various authorizations that the AuthProfile consists of. For example if I had an AuthProfile called "Browse Servers" and it consisted of "Server.Read and Server.Browse" then when added to the ACLPolicy I would see "Server.Read and Server.Browse". Any subsequent changes to the "Browse Servers" AuthProfile would not be reflected in the ACLPolicy.

                      I have previously raised an RFE to allow the addition of persistent AuthProfiles to ACLPolicies both from the GUI and the blcli.

                       

                      Happy to discuss in further detail.

                      Kind regards,

                      Joshua