이 섹션의 스크립트를 사용하여 환경 간에 사전 정의된 역할 지정을 복제할 수 있습니다. 이 스크립트를 실행하는 사용자에게 두 환경에서 모두 서비스 관리자 역할이 있어야 합니다.
Windows
replicatepredefineroles.ps1을 생성합니다.
# Replicate predefined roles script
param(
[string]$epmusersource,
[string]$epmpwdsource,
[string]$epmurlsource,
[string]$epmidentitydomainsource,
[string]$epmusertarget,
[string]$epmpwdtarget,
[string]$epmurltarget,
[string]$epmidentitydomaintarget,
[string]$proxyserverusername,
[string]$proxyserverpassword,
[string]$proxyserverdomain,
[string]$emailtoaddress
)
$roleassignmentreport="roleassignmentreport.csv"
function replicateroles
{
# epmautomate login Source App as an IDM Admin
echo "Logging into source application at ${epmurlsource}"
epmautomate login ${epmusersource} ${epmpwdsource} ${epmurlsource} ${epmidentitydomainsource} ${proxyserverusername} ${proxyserverpassword} ${proxyserverdomain}
echo "Creating role assignment report: ${roleassignmentreport}"
epmautomate roleAssignmentReport ${roleassignmentreport}
if (${emailtoaddress} -match "@") {
epmautomate.bat sendMail $emailtoaddress "Role assignment report" Body="Role assignment report is attached." Attachments=$roleassignmentreport
}
echo "Downloading role assignment report"
epmautomate downloadfile ${roleassignmentreport}
epmautomate deletefile ${roleassignmentreport}
epmautomate logout
echo "Creating files to use with epmautomate assignRoles"
Get-Content ${roleassignmentreport} | ForEach-Object {
$user=$_.split(',')[0]
$rolename=$_.split(',')[4]
if ($rolename -like '*User' -And $rolename -notlike '*Power User') {
$rolenamearray=$rolename.split(" ")
$arraysize=$rolenamearray.count
$rolename="User"
if ($arraysize.count -le 2) {
echo "${user}" | Out-File -Append -Encoding "UTF8" "role-${rolename}.csv"
}
}
elseif ($rolename -like '*Viewer') {
$rolenamearray=$rolename.split(" ")
$arraysize=$rolenamearray.count
$rolename="Viewer"
if ($arraysize -le 2) {
echo "${user}" | Out-File -Append -Encoding "UTF8" "role-${rolename}.csv"
}
}
elseif ($rolename -like '*Power User') {
$rolenamearray=$rolename.split(" ")
$arraysize=$rolenamearray.count
$rolename="Power User"
if ($arraysize -le 3) {
echo "${user}" | Out-File -Append -Encoding "UTF8" "role-${rolename}.csv"
}
}
elseif ($rolename -like '*Service Administrator') {
$rolenamearray=$rolename.split(" ")
$arraysize=$rolenamearray.count
$rolename="Service Administrator"
if ($arraysize -le 3) {
echo "${user}" | Out-File -Append -Encoding "UTF8" "role-${rolename}.csv"
}
}
elseif ($rolename -like 'Planner') {
echo "${user}" | Out-File -Append -Encoding "UTF8" "role-User.csv"
}
}
# Add header and format
$rolefiles = Get-ChildItem "role-*.csv"
foreach ($rolefile in $rolefiles) {
$rolefilecontent = Get-Content "$rolefile"
$headerline='User Login'
Set-Content $rolefile -value $headerline,$rolefilecontent
$txt = [io.file]::ReadAllText("$rolefile") -replace "`r`n","`n"
[io.file]::WriteAllText("$rolefile", $txt)
}
# epmautomate login Target App as an IDM Admin
echo "Logging into target application at ${epmurltarget}"
epmautomate login ${epmusertarget} ${epmpwdtarget} ${epmurltarget} ${epmidentitydomaintarget} ${proxyserverusername} ${proxyserverpassword} ${proxyserverdomain}
$rolefiles = Get-ChildItem "role-*.csv"
foreach ($rolefile in $rolefiles) {
$rolenamecsv=$rolefile.BaseName.split('-')[1]
$rolename=$rolenamecsv.split('.')[0]
epmautomate deletefile "${rolefile}" | Out-Null
echo "Uploading file ${rolefile}"
epmautomate uploadfile "${rolefile}"
echo "Assigning ${rolename} roles"
epmautomate assignRole "role-${rolename}.csv" "${rolename}"
epmautomate deletefile "role-${rolename}.csv"
}
epmautomate logout
rm deletefile*.log | Out-Null
}
function init
{
# delete ${role}.csv files
$rolefiles = Get-ChildItem "role-*.csv"
foreach ($rolefile in $rolefiles) {
$rolefileexists=Test-Path $rolefile
if ($rolefileexists) {
rm "${rolefile}"
}
}
}
echo "Replicate predefined roles script started"
init
replicateroles
echo "Replicate predefined roles script completed"
replicatepredefineroles.bat를 생성합니다.
@ECHO OFF SET thisdir=%~dp0 SET scriptpath=%thisdir%replicatepredefinedroles.ps1 REM USER DEFINED VARIABLES REM ----------------------- set epmusersource="<EPM USER FOR SOURCE ENVIRONMENT>" set epmpwdsource="<EPM PASSWORD FOR SOURCE ENVIRONMENT>" set epmurlsource="<EPM URL FOR SOURCE ENVIRONMENT>" set epmidentitydomainsource="<EPM IDENTITY DOMAIN FOR SOURCE ENVIRONMENT>" set epmusertarget="<EPM USER FOR TARGET ENVIRONMENT>" set epmpwdtarget="<EPM PASSWORD FOR TARGET ENVIRONMENT>" set epmurltarget="<EPM URL FOR TARGET ENVIRONMENT>" set epmidentitydomaintarget="<EPM IDENTITY DOMAIN FOR TARGET ENVIRONMENT>" set proxyserverusername="<PROXY SERVER USER NAME>" set proxyserverpassword="<PROXY SERVER PASSWORD>" set proxyserverdomain="<PROXY SERVER DOMAIN>" set emailtoaddress="<EMAIL_TO_ADDRESS>" REM ----------------------- PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& '%scriptpath%' -epmusersource '%epmusersource%' -epmpwdsource '%epmpwdsource%' -epmurlsource '%epmurlsource%' -epmidentitydomainsource '%epmidentitydomainsource%' -epmusertarget '%epmusertarget%' -epmpwdtarget '%epmpwdtarget%' -epmurltarget '%epmurltarget%' -epmidentitydomaintarget '%epmidentitydomaintarget%' -proxyserverusername '%proxyserverusername%' -proxyserverpassword '%proxyserverpassword%' -proxyserverdomain '%proxyserverdomain%' -emailtoaddress '%emailtoaddress%'"
replicatepredefineroles.bat를 업데이트합니다. 이 파일의 등록정보에 설정해야 하는 값에 대한 자세한 내용은 다음 테이블을 참조하십시오.
replicatepredefineroles.bat 업데이트
| 매개변수 | 설명 |
|---|---|
epmusersource |
소스 환경에서 ID 도메인 관리자 및 서비스 관리자 역할을 가진 사용자의 사용자 이름입니다.
예: Windows: Linux/UNIX: |
epmpwdsource |
사용자 비밀번호 또는 암호화된 비밀번호 파일의 절대 경로입니다.
예: Windows: Linux/UNIX: |
epmurlsource |
복사할 사용자가 있는 환경의 URL입니다.
예: Windows: Linux/UNIX: |
epmidentitydomainsource |
소스 환경에서 사용하는 ID 도메인의 이름입니다.
예: Windows: Linux/UNIX: |
epmusertarget |
타겟 환경에서 ID 도메인 관리자 및 서비스 관리자 역할을 가진 사용자의 사용자 이름입니다.
예: Windows: Linux/UNIX: |
epmpwdtarget |
사용자 비밀번호 또는 암호화된 비밀번호 파일의 절대 경로입니다.
예: Windows: Linux/UNIX: |
epmurltarget |
사용자를 생성할 환경의 URL입니다.
예: Windows: Linux/UNIX: |
epmidentitydomaintarget |
타겟 환경에서 사용하는 ID 도메인의 이름입니다.
예: Windows: Linux/UNIX: |
proxyserverusername |
인터넷에 대한 액세스를 제어하는 프록시 서버를 통해 보안 세션을 인증할 사용자 이름입니다. 사용되지 않는 경우 이 등록정보의 모든 발생을 삭제합니다.
예: Windows: Linux/UNIX: |
proxyserverpassword |
프록시 서버를 통해 사용자를 인증할 비밀번호입니다. 사용되지 않는 경우 이 등록정보의 모든 발생을 삭제합니다.
예: Windows: Linux/UNIX: |
proxyserverdomain |
프록시 서버에 대해 정의된 도메인의 이름입니다. 사용되지 않는 경우 이 등록정보의 모든 발생을 삭제합니다.
예: Windows: Linux/UNIX: |
emailtoaddress |
선택사항으로, 역할 지정 보고서를 보낼 전자메일 주소입니다. 이 값이 지정된 경우에만 보고서를 전자메일로 보냅니다.
예: |
Linux/UNIX
replicatepredefineroles.sh를 생성합니다.
#!/bin/sh
# USER DEFINED VARIABLES
#-----------------------
javahome="<JAVA HOME>"
epmautomatescript="<EPM AUTOMATE SCRIPT LOCATION>"
epmusersource="<EPM USER FOR SOURCE ENVIRONMENT>"
epmpwdsource="<EPM PASSWORD FOR SOURCE ENVIRONMENT>"
epmurlsource="<EPM URL FOR SOURCE ENVIRONMENT>"
epmidentitydomainsource="<EPM IDENTITY DOMAIN FOR SOURCE ENVIRONMENT>"
epmusertarget="<EPM USER FOR TARGET ENVIRONMENT>"
epmpwdtarget="<EPM PASSWORD FOR TARGET ENVIRONMENT>"
epmurltarget="<EPM URL FOR TARGET ENVIRONMENT>"
epmidentitydomaintarget="<EPM IDENTITY DOMAIN FOR TARGET ENVIRONMENT>"
proxyserverusername="<PROXY SERVER USER NAME>"
proxyserverpassword="<PROXY SERVER PASSWORD>"
proxyserverdomain="<PROXY SERVER DOMAIN>"
emailtoaddress="<EMAIL TO ADDRESS>"
#-----------------------
roleassignmentreport="roleassignmentreport.csv"
export JAVA_HOME=${javahome}
replicateroles()
{
# epmautomate login Source App as an DM Admin
echo "Logging into source application at ${epmurlsource}"
${epmautomatescript} login ${epmusersource} ${epmpwdsource} ${epmurlsource} ${epmidentitydomainsource} ${proxyserverusername} ${proxyserverpassword} ${proxyserverdomain}
echo "Creating role assignment report: ${roleassignmentreport}"
${epmautomatescript} roleAssignmentReport ${roleassignmentreport}
if [[ "${emailtoaddress}" == *"@"* ]]
then
${epmautomatescript} sendMail $emailtoaddress "Role assignment report" Body="Role assignment report is attached." Attachments=$roleassignmentreport
fi
echo "Downloading role assignment report"
${epmautomatescript} downloadfile ${roleassignmentreport}
${epmautomatescript} deletefile ${roleassignmentreport}
${epmautomatescript} logout
echo "Creating files to use with epmautomate assignRoles"
while read line
do
user=$(echo "${line}" | cut -d',' -f1)
rolename=$(echo "${line}" | cut -d',' -f5)
if [[ "$rolename" == *"User" ]] && [[ "$rolename" != "*Power User" ]]
then
count=$(echo "${rolename}" | wc -w);
rolename="User"
if [[ $count -le 2 ]]
then
echo "${user}" >> "role-${rolename}.csv"
fi
elif [[ "$rolename" == *"Viewer" ]]
then
count=$(echo "${rolename}" | wc -w);
rolename="Viewer"
if [[ $count -le 2 ]]
then
echo "${user}" >> "role-${rolename}.csv"
fi
elif [[ "$rolename" == *"Power User" ]]
then
count=$(echo "${rolename}" | wc -w);
rolename="Power User"
if [[ $count -le 3 ]]
then
echo "${user}" >> "role-${rolename}.csv"
fi
elif [[ "$rolename" == *"Service Administrator" ]]
then
count=$(echo "${rolename}" | wc -w);
rolename="Service Administrator"
if [[ $count -le 3 ]]
then
echo "${user}" >> "role-${rolename}.csv"
fi
elif [[ "$rolename" == "Planner" ]]
then
echo "${user}" >> "role-User.csv"
fi
done < ${roleassignmentreport}
# write header line
for f in role-*.csv
do
sed -i '1iUser Login' "$f"
done
# epmautomate login Target App as an IDM Admin
echo "Logging into target application at ${epmurltarget}"
${epmautomatescript} login ${epmusertarget} ${epmpwdtarget} ${epmurltarget} ${epmidentitydomaintarget} ${proxyserverusername} ${proxyserverpassword} ${proxyserverdomain}
for rolefile in role-*.csv
do
rolenamecsv=$(echo "$rolefile" | cut -d'-' -f2)
rolename=$(echo "$rolenamecsv" | cut -d'.' -f1)
${epmautomatescript} deletefile "${rolefile}" > /dev/null 2>&1
echo "Uploading file ${rolefile}"
${epmautomatescript} uploadfile "${rolefile}"
echo "Assigning roles"
${epmautomatescript} assignrole "${rolefile}" "${rolename}"
${epmautomatescript} deletefile "${rolefile}"
done
${epmautomatescript} logout
rm deletefile*.log > /dev/null 2>&1
}
init()
{
# delete role-${role}.csv files
for f in role-*.csv
do
rm "$f" > /dev/null 2>&1
done
}
echo "Replicate predefined roles script started"
init
replicateroles
echo "Replicate predefined roles script completed"
replicatepredefineroles.sh를 업데이트합니다. 지정해야 하는 값에 대한 자세한 내용은 위 테이블을 참조하십시오. 다음 등록정보의 값도 지정해야 합니다.
javahome: Java가 설치된 디렉터리의 절대 경로입니다.epmautomatescript: epmautomatescript.sh 위치(예: epmautomatescript="/home/user1/epmautomate/bin/epmautomate.sh")입니다.