Page History
...
Table 1 Elements of the Manage roles command
Element | Description |
---|---|
action | Values: manage-roles Mandatory: yes |
i3-user | See Authenticate to CLI Utility on page 8. |
is-encrypted-password | See Authenticate to CLI Utility on page 8. |
roles-parametersfile | Values: the parameters file that holds the roles definitions. Mandatory: Yes |
The parameters file contains the definitions for one or more roles. The file structure is as follows
...
Table 2 Parameter values for Adding a new role
Parameter | Description | ||
---|---|---|---|
action | The action we wish to perform on the defined role. Value: add. | ||
role-name | Value: The name of the role to be added. Mandatory: Yes | ||
role-scope | The scope of the role the user wants to define the permissions on. Value: technology, application, Tier, or instance. See Table 9-3 on page 111. Mandatory: Yes | ||
permissions | The permissions we wish to assign to this role.
Mandatory: Yes | ||
permission-type | The permission type name we wish to assign to this role, for example: monitor. Mandatory: Yes | ||
permission-operation | The permission operation name we wish to assign to this role, for example: view. Mandatory: Yes | ||
resources | The resources the role permissions apply to. Mandatory: Yes | ||
resource-information | Resource information holds the information of the resource the permission is granted on. This information is derived from the role scope parameter, as shown in Table 9-3 on page 111. Mandatory: Yes | ||
nodes | This parameter is relevant only to ‘technology’ role scope. Use this parameter to define technologies permissions on specific nodes. If this parameter is not defined the technology permissions will apply on all nodes. Value: Name of the node
Mandatory: No |
Table 3 Role scope parameters
Role scope parameter | Resource information | Example | ||
---|---|---|---|---|
technology | technology-code: the technology code the permission should be granted on | <parameter technology-code="OR"/> | ||
environment | environment-name: the name of the application the permission should be granted on. | <parameter environment-name="Default"/>
| ||
apptier | apptier-name: the name of the Tier the permission should be granted on environment-name: the name of the application the Tier belongs to. | <parameter apptier-name="Oracle" environment-name="Default"/> | ||
instance | instance-name: the name of the instance the permission should be granted on. technology-code: this parameter is optional, specifies the instance technology code. This parameter should be used if the instance name is not unique. server-name: this parameter is optional, specifies the server the instance is installed on. If this parameter is specified the technology code parameter must be specified as well. This parameter should be used if the instance name and technology are not unique. | <parameter instance-name="ORCL" technology-code="OR" server-name="orcl-server"/> |
Example
In this example we will be adding two roles as follows:
...
Table 4 Parameter values for Deleting a role
Parameter | Description |
---|---|
action | The action we wish to perform on the defined role. Value: delete. Mandatory: Yes |
role-name | The name of the role we wish to delete. Mandatory: Yes |
Example
In this example we will be deleting one role ‘test-role1’:
...
Table 5 Parameter values for Editing a role
Parameter | Description | ||||
---|---|---|---|---|---|
Action | The action we wish to perform on the defined role. Value: Edit Mandatory: Yes | ||||
Role-name | The name of the role we wish to edit. Mandatory: Yes | ||||
Role-scope | The scope of the rode the user wants to define the permissions on. Values: technology, application, Tier, or instance. Mandatory: Yes | ||||
Role-new-name | The new role name. Mandatory: No | ||||
Permissions | The permissions we wish to assign to this role. Mandatory: No
| ||||
Resources | The resources the role permissions apply on.
Mandatory: Yes, if permissions are changed. | ||||
Nodes | This parameter is relevant only to ‘technology’ role scope. Use this parameter to define technologies permissions on specific nodes. If this parameter is not defined the technology permissions will apply on all nodes. Node-name: the name of the node Nodes that are already assigned to the role and are not specified in edit will be removed from the role definition. If no proxies are specified in edit mode then the role’s proxies will remain unchanged. Mandatory: No |
Example
In this example we will be editing the following role:
...
Table 6 Elements for the Manage users command
Parameter | Description |
---|---|
i3-user | See Authenticate to CLI Utility on page 8. |
is-encrypted-password | See Authenticate to CLI Utility on page 8. |
role-parametersfile | Values: the parameters file that holds the users definitions Mandatory: Yes |
action | Values: manage-users Mandatory: Yes |
The parameters file contains the definitions for one or more users. The file structure is as follows
...
Table 7 Parameters for Adding a new user
Parameter | Description | ||
---|---|---|---|
action | The action we wish to perform on the defined user. Values: Add Mandatory: Yes | ||
User-name | The name of the user we wish to add. Mandatory: Yes | ||
user-clear-password or user-encrypted-password | The user’s password as clear or encrypted text. Mandatory: Yes | ||
User-roles | The roles we wish to assign to this user
Mandatory: Yes |
Example
In this example we will be adding two users.
...
Info |
---|
The ‘admin’ user cannot be deleted. The user activating this command cannot delete himself. |
Table 8 Parameters for Deleting a user
Parameter | Description |
---|---|
Action | The action we wish to perform on the defined user. Values: Delete Mandatory: Yes |
User-name | The name of the user we wish to delete. Mandatory: Yes |
Example
In this example we will be deleting one user ‘koby’:
...
Table 9 Parameters for Editing a user
Parameter | Description | ||||
---|---|---|---|---|---|
-action | The action we wish to perform on the defined user. Values: Edit Mandatory: Yes | ||||
User-name | The name of the user we wish to edit. Mandatory: Yes | ||||
user-clear-password or user-encrypted-password | The user’s password as clear or encrypted text. Mandatory: Yes | ||||
User-roles | The roles we wish to assign to this user. | ||||
Role-name | The name of the role we wish to assign to this user.
Mandatory: Yes |
Example
In this example we will be editing the user ‘user1’. This user has the following roles assigned to him:
...
Table 10 Elements for Exporting users/roles
Elements | Description |
---|---|
Mode | The required export mode. Values: export users, export roles, or export users and roles. Mandatory: Yes |
output-file | The file path to which the export will be written. Value: If not specified: <precise_root>\infra\cli2\output\cli_expo rt_<mode>.xml. Mandatory: No |
Command output
The roles export output is written to an output file as described in the previous table.
...
Table 11 Elements for the User permissions summary
Element | Description |
---|---|
user-name | The user we wish to generate the permissions summary for. If this parameter is not specified, the permissions summary will be generated for the user activating this command according to the i3-user parameter. Mandatory: Yes |
output-file | The file the command output will be written to. If this parameter is not specified the output will be written as follows:
Mandatory: No |
Command output
The user permissions summary is printed to an output file as described above in the Parameters specification section.
...
<user-permissions-summary user-name="usr1">
<roles-permissions-summary>
<role role-name="monitor default environment" role-scope="ENVIRONMENT"
<permission>
<description>'Monitor.View' permission on the selected applications</description>
<permission-type>MONITOR</permission-type>
<permission-operation>VIEW</permission-operation>
<resource resource-type="ENVIRONMENT" environment-name="Default" />
<affected-instances>
<instance>
<instance-name>PIFA1000</instance-name>
<server-name>pifa1000</server-name>
<technology-code>SQ</technology-code>
</instance>
<instance>
<instance-name>H47_TEST</instance-name>
<server-name>poolhp3</server-name>
<technology-code>SP</technology-code>
</instance>
<instance>
<instance-name>H47_TEST2</instance-name>
<server-name>poolhp3</server-name>
<technology-code>SP</technology-code>
</instance>
</affected-instances>
</permission>
</role>
<role role-name="monitor sql apptier" role-scope="APPTIER">
<permission>
<description>'Monitor.View' permission on the selected Tiers</description>
<permission-type>MONITOR</permission-type>
<permission-operation>VIEW</permission-operation>
<resource resource-type="APPTIER" environment-name="Default" apptier-name="SQL Server" />
<affected-instances>
<instance>
<instance-name>PIFA1000</instance-name>
<server-name>pifa1000</server-name>
<technology-code>SQ</technology-code>
</instance>
</affected-instances>
</permission>
<permission>
<description>'Monitor.Execute' permission on the selected Tiers</description>
<permission-type>MONITOR</permission-type>
<permission-operation>EXECUTE</permission-operation>
<resource resource-type="APPTIER" environment-name="Default" apptier-name="SQL Server" />
<affected-instances>
<instance>
<instance-name>PIFA1000</instance-name>
<server-name>pifa1000</server-name>
<technology-code>SQ</technology-code>
</instance>
</affected-instances>
</permission>
</role>
<role role-name="administrate sql instance" role-scope="INSTANCE">
<permission>
<description>'Administrate.Execute' permission on the selected instances</description>
<permission-type>ADMINISTRATE</permission-type>
<permission-operation>EXECUTE</permission-operation>
<resource resource-type="INSTANCE" instance-name="PIFA1000" server-name="pifa1000" technology-code="SQ" />
<affected-instances>
<instance>
<instance-name>PIFA1000</instance-name>
<server-name>pifa1000</server-name>
<technology-code>SQ</technology-code>
</instance>
</affected-instances>
</permission>
<permission>
<description>'Administrate.Full Control' permission on the selected instances</description>
<permission-type>ADMINISTRATE</permission-type>
<permission-operation>FULL_CONTROL</permission-operation>
<resource resource-type="INSTANCE" instance-name="PIFA1000" server-name="pifa1000" technology-code="SQ" />
<affected-instances>
<instance>
<instance-name>PIFA1000</instance-name>
<server-name>pifa1000</server-name>
<technology-code>SQ</technology-code>
</instance>
</affected-instances>
</permission>
<permission>
<description>'Administrate.View' permission on the selected instances</description>
<permission-type>ADMINISTRATE</permission-type>
<permission-operation>VIEW</permission-operation>
<resource resource-type="INSTANCE" instance-name="PIFA1000" server-name="pifa1000" technology-code="SQ" />
<affected-instances>
<instance>
<instance-name>PIFA1000</instance-name>
<server-name>pifa1000</server-name>
<technology-code>SQ</technology-code>
</instance>
</affected-
Scroll Ignore | |||||||||
---|---|---|---|---|---|---|---|---|---|
|
...