Create a component template that contains only the user you want them to change.
Discover the template
Grant this role access to deploy to the resulting components only.
I have created component template containing the User: Oracle, and discover it on target server. now i would like to know how we can create a job to reset password using this template? If you are able then Please give me proper steps to do this stuff.
right click on the user and choose 'add to depot as blpackage'
edit the package and change the action to 'change passwd' (something like that)
put in the passwd you want
save the package
create a deploy job using that package
as the target choose the component
run the deploy.
I am also working on the same thing, I have created a user role, named "DBUser" and created a Package named "Oracle User Password Reset" using component template containing the User: Oracle, I have restrected DB user from Modifying the BLPackage however i have provided them access to update the password by giving roles like Server.BMC_UnixUser_updatePassword BMC_UnixUser_SetPassword, Component.BMC_UnixUser_updatePassword, Component.BMC_UnixUser_setPassword, however the user is still not able to access the password field using this access levels. Could any one advise how to proceed further?
As Shirish mentioned above
If the user does not have modify permission on the package
He will not be able to modify the password
The BMC_UnixUser_updatePassword BMC_UnixUser_SetPassword, permissions are for live browse right click actions only
So you should allow your user to edit the package
But if you wish to limit the user for just the Oracle user
You need to follow Bill suggestion:
You need to create a template with the Oracle user , discover it
And then right clic on the template from live browse and package it
This package will be the one used by DBUser
Thanks Tal for your inputs, but i did the samething however when i open the package the username Oracle is still editable at the dbusers as they can modify the package. any other workaround Please?
Did you try with NSH script Job to update / modify the password and in the script you can restrict user to modify root password.
Yes, we wrote a NSH script however we dont know how to pass the parameters in BLPackage though. I agree this would be the feasible option, could you please help me with it?
Please find the below screen dump , i tested for Linux / Solaris / AIX and it does not change root password , please test it into your test server first and modify per your requirements. Please let me know if you can not find the nsh script file as attached.
Change Password.rtf 253.5 K
If you have limited access to the target via a component and only exposed the oracle user, I think that even if they change the username in the package they will not be able to actually change that user’s passwd.
Thank you so much Raj, I will test it and let you know , Thanks BIll I will also check if the root password changes or not in the currrent BL package.
Bill - I checked and though I have given lots of access restriction to the DB user still they are able to reset the Root password through the BLPackage created with the help of Oracle user component. is there any way to retrict them at component level?
Raj the Sript is not working for me, the job i have created through script if failing, Also through BLPackage with component template I am not able to retrict DB Users, Though I have selected only Oracle component, User is able to reset other users, even Root also
1 of 1 people found this helpful
Can you please let me know for which OS did you try so far, what is the error message. Actually i modifed per my environment , and that could be different for you.
for example , Linux password reset i use pam_tally2 auth package , could be different for you.
Anyway's if you have any error message then please share with me.