1 Reply Latest reply on Dec 5, 2011 7:59 AM by Carmine Buono

    import and export (Role Authorization, ACL and  ACL policy)

      Hi All,


      we have more than 200 differents roles, users and ACL policy.


      we need to move them from Dev Env to others Env (fix env, test env and prod env) !!

      i found in this communities script to export and import just for role and user .


      please if anyone have such script to export and import Role Authorization, ACL and  ACL policy ,please share it , it will be very helpfull


      thank you


        • 1. Re: import and export (Role Authorization, ACL and  ACL policy)

          Hello Baha,

          I've made a lot of script for export/import Roles, ACL and users, but I don't have documentation.

          For do that usually I follow this step;

          1- get the dump of roles, user, and so using simple BLCLI commands or copy/paste from BBSA gui; (on the first env)

          2- perl script for parse the roles, users,etc.. and build a nsh script with all info to put to new env;

          3- launch the nsh script; (on the new env)


          Yes, You can run the script for parse, create and put, but in this way you can't use the blicli_execute command that is very quickly.


          I.E. for ACL template:


          1- from the BLCLI using the  "BLAclTemplate" name space and listAllAclTemplates and show permission you can create a file as this:

          Name: Applicativi ACL Template

          BLAdmins          Server.*

          BLAdmins          ACLTemplate.*

          BLAdmins          CustomCommand.*

          BLAdmins          WindowsSoftware.*

          BLAdmins          SystemPackageFolder.*

          BLAdmins          CustomIcon.*

          BLAdmins          ConfigFile.*

          BLAdmins          SystemPackage.*



          Name: DB2 Admins ACL Template

          BLAdmins          CustomCommand.*

          BLAdmins          SystemPackage.*

          SystemLinuxAdmins          ComponentGroup.*

          SystemAIXAdmins          SystemPackage.*

          SystemLinuxAdmins          SnapshotJob.*

          SystemAIXAdmins          DiscoveryJob.*

          BLAdmins          JobFolder.*

          BLAdmins          DepotGroup.*

          SystemLinuxAdmins          ComponentTemplateGroup.*

          SystemLinuxAdmins          ConfigFile.*

          SystemAIXAdmins          DepotFile.*

          BLAdmins          NSHScript.*

          SystemLinuxAdmins          PropertyClass.*

          SystemLinuxAdmins          CustomSoftware.*

          BLAdmins          Patch.*

          SystemLinuxAdmins          ComponentTemplateFolder.*

          SystemLinuxAdmins          CustomIcon.*

          BLAdmins          ComponentTemplateFolder.*

          BLAdmins          Component.*

          SystemLinuxAdmins          JobFolder.*

          SystemAIXAdmins          WindowsSoftware.*

          BLAdmins          ProvisionConfig.*

          SystemLinuxAdmins          Device.*


          2- run this perl script:


          use utf8;



          my $riga;

          my $nc=0;

          my @elenco;

          my $kakka;

          open (FILE, "< acltemplate") || die "Error: Not Found Acltemplate list file \n\n";

                  while ($riga = <FILE>) {

                          $elenco[$nc] = $riga;

                          chomp ($elenco[$nc]);

                              #$elenco[$nc]=~ /

                              if (! $elenco[$nc]) {

                                        $elenco[$nc]= "FILEINDEX";

                                        print "$elenco[$nc]\n";





          close FILE;

          my $i=0;

          my $k=0;

          my $j=0;

          my $s=0;

          my $role;

          my $user;

          open (FILE2, "> addacltemplate.nsh");

          print FILE2 "#!/bin/nsh\n";

          print FILE2 "blcli_setoption authType SRP\n";

          print FILE2 "blcli_setoption serviceProfileName test_srp\n";

          print FILE2 "blcli_setoption roleName RBACAdmins\n";

          print FILE2 "blcli_connect\n";

          while ($i<=$nc) {

                    #print "Create /tmp/acltemplate.sh\n";

                    if ($elenco[$i]=~ /Name:/) {

                              $elenco[$i]=~ /Name: (.+)/;


                              print FILE2 "echo Creating $acltemplatename\n";

                              print FILE2 "blcli_execute BlAclTemplate createAclTemplate \"$acltemplatename\" \"\" \n";


                              while ($elenco[$i]!~ /FILEINDEX/) {

                                        @ruolo= split /\s+/, $elenco[$i];

                                        if ($ruolo[1]=~ /nexec/) {

                                                  $ruolo[1]= "nexec\" \"nexec";


                                        if ($ruolo[1]=~ /nsh/) {

                                                  $ruolo[1]= "nsh\" \"nsh";


                                        print "adding in $acltemplatename authorization $ruolo[1] role $ruolo[0]\n";

                                        print FILE2 "echo blcli BlAclTemplate addTemplatePermission \"$acltemplatename\" \"$ruolo[0]\" \"$ruolo[1]\"\n";

                                        print FILE2 "blcli_execute BlAclTemplate addTemplatePermission \"$acltemplatename\" \"$ruolo[0]\" \"$ruolo[1]\"\n";



          #          $i=$i-1;





          close FILE2;



          3- Run the nsh script that you have made with the previuos perl script.. it looks like that:



          blcli_setoption authType SRP

          blcli_setoption serviceProfileName test_srp

          blcli_setoption roleName RBACAdmins


          echo Creating Applicativi ACL Template

          blcli_execute BlAclTemplate createAclTemplate "Applicativi ACL Template" ""

          echo blcli BlAclTemplate addTemplatePermission "Applicativi ACL Template" "BLAdmins" "Server.*"

          blcli_execute BlAclTemplate addTemplatePermission "Applicativi ACL Template" "BLAdmins" "Server.*"

          echo blcli BlAclTemplate addTemplatePermission "Applicativi ACL Template" "BLAdmins" "ACLTemplate.*"

          blcli_execute BlAclTemplate addTemplatePermission "Applicativi ACL Template" "BLAdmins" "ACLTemplate.*"

          echo blcli BlAclTemplate addTemplatePermission "Applicativi ACL Template" "BLAdmins" "CustomCommand.*"




          If you tell me your e-mail I can send to you the 3 files for this task...