1 Reply Latest reply on Nov 2, 2011 10:28 AM by Bill Robinson

    Creating a report of ACL Policies

      I'm running BBSA 8.0.6 in an environment with about 1,300 ACL Policies and I need a way to get a handle on what they all are and where they are being used. Is there an easy way to generate a report of all the ACL Policies and their respective Roles and Authorizations? Or conversely, all RBAC Roles and the ACL Policies associated with each? I may be overlooking something obvious but there does not seem to be an easy way of getting and reporting ACL Policy information.

       

      Thanks in advance.

        • 1. Creating a report of ACL Policies
          Bill Robinson

          I already sent you this, but for everyone else:

           

           

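          #!/bin/nsh
          # Report each server's ACL entries as CSV rows:
          #   server,<policy name or Direct>,<first two fields of the ACL entry>
          # Rows are appended to $$.out.csv in the current directory ($$ is the shell's PID).

          # Connect using the default service profile and the BLAdmins role
          blcli_setoption serviceProfileName defaultProfile
          blcli_setoption roleName BLAdmins
          blcli_connect

          # Store the list of all servers in ${serverList}
          blcli_execute Server listAllServers  > out.1 2> out.2
          blcli_storeenv serverList  > out.1 2> out.2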

          for server in ${serverList}
                  do
                  echo "Processing server: ${server}..."
                  # Look up the server, fetch its ACL object and render the ACL as text into ${serverAcl}
                  blcli_execute Server findByName ${server} > out.1 2> out.2
                  blcli_execute Server getBlAcl > out.1 2> out.2
                  blcli_execute Utility setTargetObject  > out.1 2> out.2
                  blcli_execute Utility storeTargetObject blAcl  > out.1 2> out.2
                  blcli_execute BlAcl aclToString NAMED_OBJECT=blAcl  > out.1 2> out.2
                  blcli_storeenv serverAcl > out.1

                  echo "Processing ACLs..."
                  # Write the ACL text to a scratch file, one entry per line
                  while read line
                          do
                          printf '%s\n' "${line}" >> $$.acl
                  done <<< ${serverAcl}

                  # No "Policy Name"/"End of Policy" markers: every entry is a direct grant
                  if [ `grep -n -e "Policy Name" -e "End of Policy" $$.acl | wc -l` -eq 0 ]
                          then
                          echo "No ACL Policies..."
                          grep -v ^$ $$.acl | while read line
                                  do
                                  echo "${line}" | awk '{print $1","$2}'| sed "s/^/${server},Direct,/g" >> "$$.out.csv"
                                  done
                  else
                          count=1
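                          # Pair the line number of each "Policy Name" marker with that of the
                          # following "End of Policy" marker, giving one start,end range per policy
                          for range in `grep -n -e "Policy Name" -e "End of Policy" $$.acl | cut -f1 -d: | sed '$!N;s/\n/,/'`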
                                  do
                                  policyName=`head -${range%,*} $$.acl | tail -1 | cut -f2 -d: | tr -d '[:cntrl:]' | sed "s/^ //g"`
                                  echo "Processing server: ${server}, policy: ${policyName}..."
                                  if [ ${count} -eq 1 ]
                                          then
                                          # first policy only: the lines above it are the explicit (direct) ACL entries
                                          head -${range%,*} $$.acl | grep -v -e "Policy Name" -e ^$ | while read line
                                                  do
                                                  echo "${line}" | awk '{print $1","$2}'| sed "s/^/${server},Direct,/g" >> "$$.out.csv"
                                          done
                                  fi
                                  # entries between the two markers belong to this policy
                                  sed -n ${range}p $$.acl | grep -v -e "Policy Name:" -e "End of Policy:" -e ^$ | awk '{print $1","$2}' | sed "s/^/${server},${policyName},/g" >> "$$.out.csv"
                                  count=$((${count}+1))
                          done
                  fi

                  rm -f $$.acl

          done

          rm -f out.1
          rm -f out.2
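
The question also asks for the converse view: each RBAC role with the ACL Policies associated with it. As an added example (not part of Bill Robinson's script), this POSIX shell function pivots the `$$.out.csv` file the script writes into one row per role, policy and authorization, with the number of servers carrying that grant. It assumes the CSV columns are server, policy name or `Direct`, role, authorization; the sample rows are constructed.

```shell
#!/bin/sh
# Added example (not part of the posted script): role-centric view of its CSV.
# Assumed row layout: server,<policy name or Direct>,role,authorization

# Constructed sample rows; server, policy and authorization names are made up.
sample_csv() {
    cat <<'EOF'
web01,Direct,BLAdmins,Server.*
web01,Unix Read Policy,UnixOps,Server.Read
web02,Unix Read Policy,UnixOps,Server.Read
web02,Unix Read Policy,UnixOps,Server.Read
db01,DBA, Prod Policy,DBAdmins,Server.Read
web03,Direct,,
EOF
}

# Print tab-separated rows: role, policy (or Direct), authorization, server count.
# Reads the file named in $1, or stdin when no file is given.
acl_by_role() {
    awk -F, '
        NF < 4 { next }                         # blank or truncated row
        {
            server = $1; role = $(NF - 1); auth = $NF
            if (role == "" || auth == "") next  # ACL line had fewer than two fields
            # Policy names may contain commas, so rebuild the name from every
            # field between the server and the trailing role,authorization pair.
            src = $2
            for (i = 3; i <= NF - 2; i++) src = src FS $i
            key = role "\t" src "\t" auth
            if (!((key, server) in seen)) {     # count each server once per grant
                seen[key, server] = 1
                servers[key]++
            }
        }
        END { for (key in servers) print key "\t" servers[key] }
    ' "${1:--}" | LC_ALL=C sort
}

# Stand-alone use: pass the CSV path, or run with no argument to see the sample.
if [ -n "${1:-}" ]; then acl_by_role "$1"; else sample_csv | acl_by_role; fi
```

Rows whose policy column is `Direct` are grants made outside any ACL Policy, which is usually the first place to look when consolidating policies.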