Sun Identity Manager 8.1 Business Administrator's Guide

Using Action Lists

You can specify a list of bulk actions using comma-separated values (CSV) format. This allows you to provide a mix of different action types in a single action list. In addition, you can specify more complicated creation and update actions.

The CSV format consists of two or more input lines. Each line consists of a list of values separated by commas. The first line contains field names. The remaining lines each correspond to an action to be performed on an Identity Manager user, the user’s resource accounts, or both. Each line should contain the same number of values. Empty values will leave the corresponding field value unchanged.

Two fields are required in any bulk action CSV input:

Delete, DeleteAndUnlink, Disable, Enable, Unassign, and Unlink Commands

If you are performing Delete, DeleteAndUnlink, Disable, Enable, Unassign, or Unlink actions, the only additional field you need to specify is resources. Use the resources field to specify which accounts on which resources will be affected.

The resources field can have the following values:

The following is an example of the CSV format for several of these actions:

command,user,resources
Delete,John Doe,all
Disable,Jane Doe,resonly
Enable,Henry Smith,Identity Manager
Unlink,Jill Smith,Windows Active Directory|Solaris Server

Create, Update, and CreateOrUpdate Commands

If you are performing Create, Update, or CreateOrUpdate commands, you can specify fields from the User View in addition to the user and command fields. The field names used are the path expressions for the attributes in the views. See User View Attributes in Sun Identity Manager Deployment Reference for information about the attributes that are available in the User View. If you are using a customized User Form, then the field names in the form contain some of the path expressions that you can use.

Some of the more common path expressions used in bulk actions are:

The following example illustrates the CSV format for create and update actions:

command,user,waveset.resources,password.password,
password.confirmPassword,accounts[Windows Active Directory].description,
accounts[Corporate Directory].location Create,John Doe,
Windows Active Directory|Solaris Server,changeit,changeit,John Doe - 888-555-5555,
Create,Jane Smith,Corporate Directory,changeit,changeit,,New York
CreateOrUpdate,Bill Jones,,,,,California

The CreateOrUpdate command allows you to specify a specific account-type on a resource that supports multiple account-types. So if a user has multiple accounts on a specific resource, with each account being a different account type, the following example shows how to update the admin account type for the userAye user:

command,user,accounts[Sim1|admin].emailAddress
CreateOrUpdate,userAye,bbye8@example.com

Note –

Although the CreateOrUpdate command allows you to set account-specific attributes for a user's accounts, be aware that the following values in the global section of the User's View will be applied to all specified accounts:

Consequently, a BulkOps command of the following form might not do what you expect.

command,user,accounts[Sim1].email
CreateOrUpdate,userAye,bbye8@example.com

If userAye already has a value for email, that value will be applied to the email attribute on the Sim1 resource. You have no way to override this behavior.


Fields with More Than One Value

Some fields can have multiple values. These are known as multivalued fields. For example, the waveset.resources field can be used to assign multiple resources to a user. You can use the vertical bar (|) character (also known as the “pipe” character) to separate multiple values in a field. The syntax for multiple values can be specified as follows:

value0 | value1 [ | value2 ... ]

When updating multivalued fields on existing users, replacing the current field’s values with one or more new values may not be what you want. You may want to remove some values or add to the current values. You can use field directives to specify how to treat the existing field’s values. Field directives go in front of the field value and are surrounded by the vertical bar character, as follows:

|directive [ ; directive ] | field values

You can choose from the following directives:


Note –

Field values are case-sensitive. This is important when specifying the Merge and Remove directives. The values must match exactly to correctly remove values or avoid having multiple similar values when merging.


Special Characters in Field Values

If you have a field value with a comma (,) or double quote (") character, or you want to preserve leading or trailing spaces, you must embed your field value within a pair of double quotes ("field_value"). You then need to replace double quotes in the field value with two double quote (") characters. For example, "John ""Johnny"" Smith" results in a field value of John "Johnny" Smith.

If you have a field value with a vertical bar (|) or backslash (\) character in it, you must precede it with a backslash (\| or \\).