Page History
...
We will remove the first two permissions and add a new permission – MONITOR.EXECUTE. We will set the role to apply on all nodes and also change the role name to ‘test-role1-updated’. After the edit operation is completed, the role definition will be:• Role
- Role name: test-role1-updated (the new name)
...
- Role scope: technology (wasn’t affected by the update)
...
- Role permissions
...
- MONITOR.EXECUTE (new permission)
...
- ADMINISTRATE.EXECUTE (redefined by the update)
...
- Role resources
...
- Oracle technology (redefined by the update)
...
- Oracle Applications technology (redefined by the update)
...
- Role nodes: all nodes (updated definition) The roles parameters file will look as follows:
<root>
<parameter name="action" value="edit"/>
<parameter name="role-name" value=" test-role1"/>
<parameter name="role-new-name" value=" test-role1-updated"/>
<complex name="permissions">
<parameter permission-type="monitor" permission-operation="execute"/>
<parameter permission-type="administrate" permission-operation="execute"/>
</complex>
<complex name="resources">
<parameter instance-name="ORCL" technology-code="OR" server-name="srv1"/>
<parameter instance-name="OA1" technology-code="OA" server-name="srv2"/>
</complex>
<parameter name="nodes" value="*"/>
<parameter name="role-scope" value="INSTANCE"/>
</root>
| Anchor | ||||
|---|---|---|---|---|
|
Manage users command
Managing users using CLI is done using the following command:
Windows
...
infra\bin\psin_cli.bat
-i3-user
...
<user_
...
name>
{-i3-encrypted-password
...
<encrypted_
...
password> | -i3-clear-password
...
<clear_
...
password>}
-action manage-users
-roles-parametersfile <users_parameters.xml>
...
UNIX ./infra/bin/psin_cli.sh
-i3-user
...
<user_
...
name>
{-i3-encrypted-password
...
<encrypted_
...
password> | -i3-clear-password
...
<clear_
...
password>}
-action manage-users
-roles-parametersfile <users_parameters.xml>
Table 9-6 Elements for the Manage users commandParameter Description
| Parameter | Description |
|---|---|
| i3- |
...
| user | See Authenticate to CLI Utility on page 8. |
...
| is-encrypted- |
...
| password | See Authenticate to CLI Utility on page 8. |
| role- |
...
| parametersfile | Values: the parameters file that holds the users definitions Mandatory: Yes |
...
| action | Values: manage-users Mandatory: Yes |
The parameters file contains the definitions for one or more users. The file structure is as follows
<root>
<user>
User definition
</user>
…additional users definitions
</root>
| Info |
|---|
...
When managing only one user the <user> tag is not required. |
<root>
User definition
</root>
Required permissions
Activating the user’s management command requires ADMINISTRATE.EXECUTE permissions on Precise technology.
User roles definitions limitations
A user activating this command can add/remove roles to the managed user, only if the permissions of the roles granted/removed from the managed user, are in the scope of the managing user’s roles permissions.
For example, if a user has ADMINISTRATE.VIEW permission on an Oracle instance he can create a new user and assign a role with ADMINISTRATE.VIEW permission on the Oracle instance he has the same permission on, however, he will not be able to assign a role with ADMINISTRATE.VIEW on another instance or ADMINISTRATE.EXECUTE on the same instance.
Handling errors
CLI mechanism always skips to the next user and does not halt the whole operation in case of error. In case the CLI fails for a specific user, a message is issued to the screen and the problem is logged in the CLI log file.
Adding a new user
The definition for adding a new user is as follows:
<root>
<parameter name="action" value="add"/>
<parameter name="user-name" value="user-name"/>
{<parameter name="user-clear-password" value="clear-password"/> |
<parameter name="user-encrypted-password" value="encrypted-password"/>}
[<complex name="user-roles">
<parameter role-name="role-name"/>
…additional roles definitions
</complex>]
</root>
Table 9-7 Parameters for Adding a new user
...