9 Replies Latest reply on May 5, 2014 10:42 PM by Soundappan Shanmugam

    Need blcli to get all roles assigned to a username

    Bharat Moghe

      I need a blcli to get all roles assigned to a user and want search using username.

        • 1. Need blcli to get all roles assigned to a username
          R V

          Try the following (e.g. for BLAdmin):

           

          blcli_execute RBACUser findByName BLAdmin

          blcli_execute RBACUser getUserId

          blcli_storeenv userId

          blcli_execute RBACUser findRoleIdsForUser $userId

          blcli_execute Utility listPrint

          blcli_storeenv roleIdList

          for oneRoleId in $roleIdList

          do

              blcli_execute RBACRole findRoleNameById $oneRoleId

          done

          1 of 1 people found this helpful
          • 3. Re: Need blcli to get all roles assigned to a username
            Bill Robinson

            There’s another blcli in the rbac namespace that will list all usernames.  So you could loop through each one and feed it to findByName

            1 of 1 people found this helpful
            • 5. Re: Need blcli to get all roles assigned to a username
              R V

              mmh - with RBACUser.listAllUserNames you get all usernames, of course. And this one you can feed to RBACUser.findByName - but that will bring you only RBACUser-objects, but no role. Or did you mean some other "namespace-method"-combination?

               

              But while investigating this I found another possible solution:

               

              RBACRole.listAllRoleNames => brings you all role-names (sic!)

               

              Then you could loop through this role-name-list feeding it into

               

              RBACUser.belongsToRole $userName $roleName

               

              For each role the user belongs to you will get a "true" and could hence add the role-name to your user-specific role-list.

              • 6. Re: Need blcli to get all roles assigned to a username
                Bill Robinson

                i meant like this: (and some other command changes maybe)

                 

                blcli_execute RBACUser listAllUserNames

                blcli_storeenv userList

                for rbacUser in ${userList}

                do

                     blcli_execute RBACUser findByName ${rbacUser}

                     blcli_execute RBACUser getRoles

                     blcli_execute RBACRole getName

                     blcli_execute Utility setTargetObject

                     blcli_execute Utility listPrint

                     blcli_storeenv roleIdList

                     for rbacRole in $roleIdList

                     do

                     echo "${rbacUser}:${rbacRole}"

                done

                • 7. Re: Need blcli to get all roles assigned to a username

                  OK. Last edit... calling it a night.. Found some Utility commands referenced in some other posts. While this throws a number of errors within NSH when executing manually, the output appears correct. Likely something to clean up... thoughts?

                   

                  #!/bin/nsh

                  OutputFile=/tmp/BLenabledUsers.txt

                  test -e $OutputFile && rm /tmp/BLenabledUsers.txt
                  echo "========`date`========" >> $OutputFile
                  echo "========Generating BL Enabled Users List========" >> $OutputFile

                  blcli_setoption serviceProfileName defaultProfile
                  blcli_setoption roleName BLAdmins
                  blcli_connect

                  blcli_execute RBACUser getAllUserNames
                  blcli_execute Utility setTargetObject
                  blcli_execute Utility listPrint
                  blcli_storeenv userNames

                  for user in ${userNames}
                  do
                  blcli_execute RBACUser getDBKeyByName ${user}
                  blcli_execute RBACUser isEnabled
                  blcli_storeenv enabledValue
                  echo "${user} is Enabled = ${enabledValue}" >> $OutputFile
                  done

                  • 8. Re: Need blcli to get all roles assigned to a username
                    Gerardo Bartoccini

                    They shouldn't be errors. I believe they are just blcli_execute output.

                    Redirect the blcli_execute output to /dev/null, then get the exit code with $? if you want to double check.

                    There is a function around called exec_blcli, written by Bill. Search for it, if you want to automatically handle exit code.

                    • 9. Re: Need blcli to get all roles assigned to a username
                      Soundappan Shanmugam

                      hope that this would help finally

                       

                      Thnx @Bill Robinson for your help

                       

                      blcli_setoption roleName BLAdmins

                      blcli_setoption serviceProfileName defaultProfile

                      blcli_connect

                      blcli_execute RBACUser listAllUserNames

                      blcli_storeenv userList

                      for rbacUser in ${userList}

                      do

                      blcli_execute RBACUser findByName $rbacUser

                      blcli_execute RBACUser getRoles

                      blcli_execute Utility setTargetObject

                      blcli_storeenv roleList

                                  for roleid in ${roleList//[\[|\]|,]/}

                                    do

                                           blcli_execute RBACRole findById ${roleid}

                                           blcli_execute RBACRole getName

                                           blcli_storeenv roleName

                                           echo "${roleName},${rbacUser} \n" >>//<ServerName>/tmp/RBAC_ROLES_USERS.csv

                       

                                  done

                      done