Use os scripts desta seção para clonar atribuições de funções predefinidas de um ambiente para outro. É necessário que o usuário que está executando esses scripts tenha a função de Administrador do Serviço nos dois ambientes.
Nota:
Se você estiver usando a versão PDF deste documento: para evitar quebras de linha ou informações de rodapé que impeçam a utilização desses scripts, copie os scripts da versão em HTML deste tópico.
Windows
Crie replicatepredefineroles.ps1 copiando o script a seguir.
# Replicate predefined roles script
# Reads the role assignment report of a source environment and re-applies the
# predefined roles (User, Viewer, Power User, Service Administrator) in a
# target environment through epmautomate.
# NOTE(review): the epm*pwd* and proxy password values arrive as plain string
# parameters and are forwarded to epmautomate on its command line. Prefer
# supplying the path of an encrypted password file rather than a clear-text
# password, and keep the wrapper that holds these values readable only by the
# account that runs it.
param(
# Source environment: login user, password (or encrypted password file), URL and identity domain.
[string]$epmusersource,
[string]$epmpwdsource,
[string]$epmurlsource,
[string]$epmidentitydomainsource,
# Target environment: login user, password (or encrypted password file), URL and identity domain.
[string]$epmusertarget,
[string]$epmpwdtarget,
[string]$epmurltarget,
[string]$epmidentitydomaintarget,
# Proxy server credentials; passed unchanged to both epmautomate login calls.
[string]$proxyserverusername,
[string]$proxyserverpassword,
[string]$proxyserverdomain,
# Optional recipient; the report is mailed only when this value contains "@".
[string]$emailtoaddress
)
# Name used for the report both in the environment and for the local download.
$roleassignmentreport="roleassignmentreport.csv"
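function replicateroles
{
    # Copies predefined role assignments from the source environment to the
    # target environment:
    #   1. log in to the source, create and download the role assignment report;
    #   2. split the report into one role-<Role>.csv file per predefined role;
    #   3. log in to the target, upload each file and run assignRole on it.
    # Reads the script-level parameters and $roleassignmentreport.
    # Throws when a source step or the target login fails, so that a report
    # left over from an earlier run is never used to grant roles.
    # NOTE(review): passwords are forwarded as command-line arguments; prefer an
    # encrypted password file path as the password value.

    # Aborts the run when the preceding epmautomate command reported a failure.
    function stopiffailed([string]$step)
    {
        if ($LASTEXITCODE) {
            $code = $LASTEXITCODE
            epmautomate logout | Out-Null
            throw "${step} failed (epmautomate exit code ${code}); no roles were assigned."
        }
    }

    # epmautomate login Source App as an IDM Admin
    echo "Logging into source application at ${epmurlsource}"
    epmautomate login ${epmusersource} ${epmpwdsource} ${epmurlsource} ${epmidentitydomainsource} ${proxyserverusername} ${proxyserverpassword} ${proxyserverdomain}
    stopiffailed "Login to source environment"

    echo "Creating role assignment report: ${roleassignmentreport}"
    epmautomate roleAssignmentReport ${roleassignmentreport}
    stopiffailed "Creating the role assignment report"

    # The report is mailed only when an address containing "@" was supplied.
    if (${emailtoaddress} -match "@") {
        epmautomate.bat sendMail $emailtoaddress "Role assignment report" Body="Role assignment report is attached." Attachments=$roleassignmentreport
    }

    echo "Downloading role assignment report"
    epmautomate downloadfile ${roleassignmentreport}
    stopiffailed "Downloading the role assignment report"
    epmautomate deletefile ${roleassignmentreport}
    epmautomate logout

    echo "Creating files to use with epmautomate assignRoles"
    Get-Content ${roleassignmentreport} | ForEach-Object {
        # Column 1 is the user login, column 5 the role name.
        $fields = $_.split(',')
        $user = $fields[0]
        $rolename = $fields[4]

        # Map the reported role to a predefined role and to the largest word
        # count still treated as that predefined role. 'Power User' is tested
        # before 'User' so that it is never classified as a plain User.
        $targetrole = $null
        $maxwords = 0
        if ($rolename -like '*Power User') {
            $targetrole = "Power User"; $maxwords = 3
        }
        elseif ($rolename -like '*Service Administrator') {
            $targetrole = "Service Administrator"; $maxwords = 3
        }
        elseif ($rolename -like '*User') {
            $targetrole = "User"; $maxwords = 2
        }
        elseif ($rolename -like '*Viewer') {
            $targetrole = "Viewer"; $maxwords = 2
        }
        elseif ($rolename -like 'Planner') {
            $targetrole = "User"; $maxwords = 1
        }

        # Fix: the User branch used to test $arraysize.count (the count of an
        # integer, always 1), so the word limit never applied and every role
        # name ending in "User" was granted the predefined User role.
        if ($targetrole -and ($rolename.split(" ").count -le $maxwords)) {
            echo "${user}" | Out-File -Append -Encoding "UTF8" "role-${targetrole}.csv"
        }
    }

    # Add header and format
    foreach ($rolefile in (Get-ChildItem "role-*.csv")) {
        $rolefilecontent = Get-Content "$rolefile"
        $headerline = 'User Login'
        Set-Content $rolefile -value $headerline,$rolefilecontent
        # .NET file APIs resolve relative names against the process directory,
        # not the PowerShell location, so use the full path here.
        $txt = [io.file]::ReadAllText($rolefile.FullName) -replace "`r`n","`n"
        [io.file]::WriteAllText($rolefile.FullName, $txt)
    }

    # epmautomate login Target App as an IDM Admin
    echo "Logging into target application at ${epmurltarget}"
    epmautomate login ${epmusertarget} ${epmpwdtarget} ${epmurltarget} ${epmidentitydomaintarget} ${proxyserverusername} ${proxyserverpassword} ${proxyserverdomain}
    stopiffailed "Login to target environment"

    foreach ($rolefile in (Get-ChildItem "role-*.csv")) {
        # role-<Role>.csv -> <Role>
        $rolenamecsv = $rolefile.BaseName.split('-')[1]
        $rolename = $rolenamecsv.split('.')[0]
        # Best effort: remove a copy left in the environment by an earlier run.
        epmautomate deletefile "${rolefile}" | Out-Null
        echo "Uploading file ${rolefile}"
        epmautomate uploadfile "${rolefile}"
        echo "Assigning ${rolename} roles"
        epmautomate assignRole "role-${rolename}.csv" "${rolename}"
        epmautomate deletefile "role-${rolename}.csv"
    }
    epmautomate logout
    rm deletefile*.log | Out-Null
}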
function init
{
    # Remove role-*.csv files that an earlier run left in the current location,
    # so this run starts from empty role files.
    foreach ($stalefile in (Get-ChildItem "role-*.csv")) {
        if (-not (Test-Path $stalefile)) {
            continue
        }
        rm "${stalefile}"
    }
}
# Entry point: clear leftovers from an earlier run, then replicate the roles.
Write-Output "Replicate predefined roles script started"
init
replicateroles
Write-Output "Replicate predefined roles script completed"
Crie replicatepredefineroles.bat copiando o script a seguir.
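@ECHO OFF
REM Wrapper that passes the user-defined values below to the PowerShell
REM script stored in the same directory as this file.
SET thisdir=%~dp0
REM Fix: the script name now matches the file name this page tells you to
REM create (replicatepredefineroles.ps1); the previous value pointed at
REM replicatepredefinedroles.ps1, which the page never creates.
SET scriptpath=%thisdir%replicatepredefineroles.ps1

REM USER DEFINED VARIABLES
REM -----------------------
REM NOTE(review): these values are stored in clear text. Prefer the absolute
REM path of an encrypted password file for the epmpwd* values, and restrict
REM read access to this file to the account that runs it.
set epmusersource="<EPM USER FOR SOURCE ENVIRONMENT>"
set epmpwdsource="<EPM PASSWORD FOR SOURCE ENVIRONMENT>"
set epmurlsource="<EPM URL FOR SOURCE ENVIRONMENT>"
set epmidentitydomainsource="<EPM IDENTITY DOMAIN FOR SOURCE ENVIRONMENT>"
set epmusertarget="<EPM USER FOR TARGET ENVIRONMENT>"
set epmpwdtarget="<EPM PASSWORD FOR TARGET ENVIRONMENT>"
set epmurltarget="<EPM URL FOR TARGET ENVIRONMENT>"
set epmidentitydomaintarget="<EPM IDENTITY DOMAIN FOR TARGET ENVIRONMENT>"
set proxyserverusername="<PROXY SERVER USER NAME>"
set proxyserverpassword="<PROXY SERVER PASSWORD>"
set proxyserverdomain="<PROXY SERVER DOMAIN>"
set emailtoaddress="<EMAIL_TO_ADDRESS>"
REM -----------------------

REM -ExecutionPolicy Bypass turns off execution-policy checks for this one
REM invocation, so keep the .ps1 in a directory that only trusted accounts can
REM write to.
REM NOTE(review): the values above are expanded into the -Command string;
REM confirm the behavior for values that contain quotes or cmd metacharacters.
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& '%scriptpath%' -epmusersource '%epmusersource%' -epmpwdsource '%epmpwdsource%' -epmurlsource '%epmurlsource%' -epmidentitydomainsource '%epmidentitydomainsource%' -epmusertarget '%epmusertarget%' -epmpwdtarget '%epmpwdtarget%' -epmurltarget '%epmurltarget%' -epmidentitydomaintarget '%epmidentitydomaintarget%' -proxyserverusername '%proxyserverusername%' -proxyserverpassword '%proxyserverpassword%' -proxyserverdomain '%proxyserverdomain%' -emailtoaddress '%emailtoaddress%'"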
Atualize replicatepredefineroles.bat conforme necessário. Na tabela a seguir, veja informações sobre os valores que você deverá definir para as propriedades desse arquivo.
Atualização de replicatepredefineroles.bat
| Parâmetro | Descrição |
|---|---|
epmusersource |
Nome de usuário de um usuário com funções de Administrador do Domínio de Identidade e Administrador do Serviço no ambiente de origem.
Exemplos: Windows: Linux/UNIX: |
epmpwdsource |
Senha do usuário ou o caminho absoluto do arquivo de senha criptografada.
Exemplos: Windows: Linux/UNIX: |
epmurlsource |
URL do ambiente de onde os usuários serão copiados.
Exemplos: Windows: Linux/UNIX: |
epmidentitydomainsource |
O nome do domínio de identidade usado pelo ambiente de origem.
Exemplos: Windows: Linux/UNIX: |
epmusertarget |
Nome de usuário de um usuário com funções de Administrador do Domínio de Identidade e Administrador do Serviço no ambiente de destino.
Exemplos: Windows: Linux/UNIX: |
epmpwdtarget |
Senha do usuário ou o caminho absoluto do arquivo de senha criptografada.
Exemplos: Windows: Linux/UNIX: |
epmurltarget |
URL do ambiente em que os usuários serão criados.
Exemplos: Windows: Linux/UNIX: |
epmidentitydomaintarget |
Nome do domínio de identidade usado pelo ambiente de destino.
Exemplos: Windows: Linux/UNIX: |
proxyserverusername |
O nome do usuário para autenticar uma sessão segura no servidor proxy que controla o acesso à internet. Exclua todas as ocorrências dessa propriedade caso ela não seja usada.
Exemplos: Windows: Linux/UNIX: |
proxyserverpassword |
A senha para autenticar o usuário no servidor proxy. Exclua todas as ocorrências dessa propriedade caso ela não seja usada.
Exemplos: Windows: Linux/UNIX: |
proxyserverdomain |
O nome do domínio definido para o servidor proxy. Exclua todas as ocorrências dessa propriedade caso ela não seja usada.
Exemplos: Windows: Linux/UNIX: |
emailtoaddress |
Opcionalmente, o endereço de e-mail para o qual o relatório de Atribuição de Funções será enviado. O relatório só será enviado por e-mail se esse valor for especificado.
Exemplo: |
Linux/UNIX
Crie replicatepredefineroles.sh copiando o script a seguir.
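#!/bin/bash
# Replicates predefined role assignments from a source environment to a
# target environment through the EPM Automate client.
#
# The interpreter is bash because the script uses [[ ... ]] tests, which a
# plain POSIX /bin/sh (for example dash) does not provide.
#
# NOTE(review): the values below are stored in clear text. Prefer the absolute
# path of an encrypted password file for the epmpwd* values, and restrict read
# access to this script to the account that runs it (for example chmod 600).

# USER DEFINED VARIABLES
#-----------------------
javahome="<JAVA HOME>"
epmautomatescript="<EPM AUTOMATE SCRIPT LOCATION>"
epmusersource="<EPM USER FOR SOURCE ENVIRONMENT>"
epmpwdsource="<EPM PASSWORD FOR SOURCE ENVIRONMENT>"
epmurlsource="<EPM URL FOR SOURCE ENVIRONMENT>"
epmidentitydomainsource="<EPM IDENTITY DOMAIN FOR SOURCE ENVIRONMENT>"
epmusertarget="<EPM USER FOR TARGET ENVIRONMENT>"
epmpwdtarget="<EPM PASSWORD FOR TARGET ENVIRONMENT>"
epmurltarget="<EPM URL FOR TARGET ENVIRONMENT>"
epmidentitydomaintarget="<EPM IDENTITY DOMAIN FOR TARGET ENVIRONMENT>"
proxyserverusername="<PROXY SERVER USER NAME>"
proxyserverpassword="<PROXY SERVER PASSWORD>"
proxyserverdomain="<PROXY SERVER DOMAIN>"
# The report is mailed only when this value contains "@".
emailtoaddress="<EMAIL TO ADDRESS>"
#-----------------------

# Name used for the report both in the environment and for the local download.
roleassignmentreport="roleassignmentreport.csv"
# Quoted so that a Java path containing spaces is exported as one value.
export JAVA_HOME="${javahome}"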
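replicateroles()
{
  # Copies predefined role assignments from the source to the target
  # environment:
  #   1. log in to the source, create and download the role assignment report;
  #   2. split the report into one role-<Role>.csv file per predefined role;
  #   3. log in to the target, upload each file and run assignrole on it.
  # Globals read: epmautomatescript, the epm*/proxy* settings, emailtoaddress,
  #               roleassignmentreport.
  # Returns: non-zero when a source step or the target login fails, so that a
  #          report left over from an earlier run is never used to grant roles.
  # NOTE(review): passwords are passed as command-line arguments; prefer an
  # encrypted password file path as the password value.
  # Written without [[ ... ]] so it also runs under a POSIX sh.

  # epmautomate login Source App as an IDM Admin.
  # ${var:+"$var"} passes an optional value as one word and drops it when empty.
  echo "Logging into source application at ${epmurlsource}"
  if ! "${epmautomatescript}" login "${epmusersource}" "${epmpwdsource}" "${epmurlsource}" \
    ${epmidentitydomainsource:+"${epmidentitydomainsource}"} \
    ${proxyserverusername:+"${proxyserverusername}"} \
    ${proxyserverpassword:+"${proxyserverpassword}"} \
    ${proxyserverdomain:+"${proxyserverdomain}"}
  then
    echo "ERROR: login to source environment failed; no roles were assigned" >&2
    return 1
  fi

  echo "Creating role assignment report: ${roleassignmentreport}"
  if ! "${epmautomatescript}" roleAssignmentReport "${roleassignmentreport}"; then
    echo "ERROR: could not create the role assignment report; no roles were assigned" >&2
    "${epmautomatescript}" logout
    return 1
  fi

  # The report is mailed only when an address containing "@" was configured.
  case "${emailtoaddress}" in
    *@*)
      "${epmautomatescript}" sendMail "${emailtoaddress}" "Role assignment report" Body="Role assignment report is attached." Attachments="${roleassignmentreport}"
      ;;
  esac

  echo "Downloading role assignment report"
  if ! "${epmautomatescript}" downloadfile "${roleassignmentreport}"; then
    echo "ERROR: could not download the role assignment report; no roles were assigned" >&2
    "${epmautomatescript}" logout
    return 1
  fi
  "${epmautomatescript}" deletefile "${roleassignmentreport}"
  "${epmautomatescript}" logout

  echo "Creating files to use with epmautomate assignRoles"
  # -r keeps backslashes literal; the || clause keeps a last line that has no
  # trailing newline.
  while read -r line || [ -n "${line}" ]
  do
    # Column 1 is the user login, column 5 the role name.
    user=$(printf '%s\n' "${line}" | cut -d',' -f1)
    rolename=$(printf '%s\n' "${line}" | cut -d',' -f5)

    # Map the reported role to a predefined role and to the largest word count
    # still treated as that predefined role.
    # Fix: "Power User" is matched before "User". The old test compared against
    # the quoted literal "*Power User", which never matched, so Power Users
    # were written to role-User.csv and never received the Power User role.
    case "${rolename}" in
      *"Power User") targetrole="Power User"; maxwords=3 ;;
      *"Service Administrator") targetrole="Service Administrator"; maxwords=3 ;;
      *"User") targetrole="User"; maxwords=2 ;;
      *"Viewer") targetrole="Viewer"; maxwords=2 ;;
      "Planner") targetrole="User"; maxwords=1 ;;
      *) continue ;;
    esac

    count=$(printf '%s\n' "${rolename}" | wc -w)
    if [ "$((count))" -le "${maxwords}" ]; then
      printf '%s\n' "${user}" >> "role-${targetrole}.csv"
    fi
  done < "${roleassignmentreport}"

  # write header line (one-line '1i' form is GNU sed syntax)
  for f in role-*.csv
  do
    # Skip the unexpanded pattern when no role file was produced.
    [ -e "$f" ] || continue
    sed -i '1iUser Login' "$f"
  done

  # epmautomate login Target App as an IDM Admin
  echo "Logging into target application at ${epmurltarget}"
  if ! "${epmautomatescript}" login "${epmusertarget}" "${epmpwdtarget}" "${epmurltarget}" \
    ${epmidentitydomaintarget:+"${epmidentitydomaintarget}"} \
    ${proxyserverusername:+"${proxyserverusername}"} \
    ${proxyserverpassword:+"${proxyserverpassword}"} \
    ${proxyserverdomain:+"${proxyserverdomain}"}
  then
    echo "ERROR: login to target environment failed; no roles were assigned" >&2
    return 1
  fi

  for rolefile in role-*.csv
  do
    [ -e "${rolefile}" ] || continue
    # role-<Role>.csv -> <Role>
    rolename=${rolefile#role-}
    rolename=${rolename%.csv}
    # Best effort: remove a copy left in the environment by an earlier run.
    "${epmautomatescript}" deletefile "${rolefile}" > /dev/null 2>&1
    echo "Uploading file ${rolefile}"
    "${epmautomatescript}" uploadfile "${rolefile}"
    echo "Assigning roles"
    "${epmautomatescript}" assignrole "${rolefile}" "${rolename}"
    "${epmautomatescript}" deletefile "${rolefile}"
  done
  "${epmautomatescript}" logout
  rm -f deletefile*.log > /dev/null 2>&1
}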
init()
{
  # Clear role-*.csv files left in the working directory by an earlier run.
  # Output and errors from rm are discarded, so an unmatched pattern is silent.
  for f in role-*.csv; do
    rm "$f" > /dev/null 2>&1
  done
}
# Entry point: clear leftovers from an earlier run, then replicate the roles.
printf '%s\n' "Replicate predefined roles script started"
init
replicateroles
printf '%s\n' "Replicate predefined roles script completed"
Atualize replicatepredefineroles.sh. Veja a tabela anterior para obter informações sobre os valores que você deve especificar. Além disso, você deve especificar os valores para estas propriedades:
javahome: o caminho absoluto para o diretório em que o Java está instalado.
epmautomatescript: a localização de epmautomatescript.sh; por exemplo, epmautomatescript="/home/user1/epmautomate/bin/epmautomate.sh"