1 2 Previous Next 18 Replies Latest reply on Jul 19, 2011 11:54 AM by Bill Robinson

    NSHScript RBAC Create Role - Script Errors

      The follwing script creates a role given a rolename, description, and maps a given UNIX/WINDOWS ID to the role. The script also resets the parameter values to defaults so that the information from the previous job does not stay with the job, so users don't have to copy the job and delete it everytime they run it.


      So far the script works but in the future, it's desired that users create their own roles. However, all users do not have RBAC admin privileges. we have already tried using an execution override, but everytime the user changes the parameter this goes away. Is there a command that would allow a regular user to run this job with RBAC admin privileges?


      Another issue we're having is that when we try to make changes to the user.local file we get a permission error because the file is (root root) is there a way to bypass this so that the user.local file can be updated everytime the job is run?




      #Troubleshooting echoes
      echo `date`
      echo "Role Name = "${roleName}""
      echo "Role Description = "${roleDescription}""
      echo "Mapped User ID = "${mappedUserID}""
      echo "Map Type = "${mapType}""

      #Have to be run before using blcli_execute
      blcli_execute Utility assumeRole RBACAdmins

      #Creates the role (When using unsupported commands remember to enable with performance commands (blcli_execute)
      echo "Running command: blcli RBACRole createRole "${roleName}" "${roleDescription}""
      blcli_execute RBACRole createRole "${roleName}" "${roleDescription}"
      blcli_execute RBACRole setAgentAclUserEquiv "${roleName}" "${mappedUserID}" "${mapType}"
      if test $? -ne 0
      then echo "Role not created due to error"
      exit 1

      #echo "Updating USER.LOCAL File"
      ### Need to correct for permission error when executing below (file is root root)
      #echo "${roleName}:*  rw,map=bluser" >> /usr/lib/rsc/users.local.06062011
      #echo "USERS.LOCAL File has been updated"

      echo "Resetting Default Parameter Values"
      JOB_KEY=`blcli NSHScriptJob clearNSHScriptParameterValuesByGroupAndName "/USERS/FEDANIE" "RBAC_createRole"`
      JOB_KEY=`blcli NSHScriptJob addNSHScriptParameterValueByGroupAndName "/USERS/FEDANIE" "RBAC_createRole" 0 "<ROLE_NAME_ALLCAPS_AND_UNDERSCORES>"`
      JOB_KEY=`blcli NSHScriptJob addNSHScriptParameterValueByGroupAndName "/USERS/FEDANIE" "RBAC_createRole" 1 "<ROLE_DESCRIPTION>"`
      JOB_KEY=`blcli NSHScriptJob addNSHScriptParameterValueByGroupAndName "/USERS/FEDANIE" "RBAC_createRole" 2 "<UNIX_OR_WINDOWS_USERID>`
      JOB_KEY=`blcli NSHScriptJob addNSHScriptParameterValueByGroupAndName "/USERS/FEDANIE" "RBAC_createRole" 3 "<1_FOR_UNIX_OR_999_FOR_WINDOWS>"`




      Thank you,




        1 2 Previous Next