Create Many Users with Unique Passwords

Use the PowerShell and Bash Shell scripts in this section to leverage EPM Automate addUsers command to create many Oracle Enterprise Performance Management Cloud users, each with own password.

If you are using the PDF version of this document: To avoid line breaks and footer information that will render the scripts unusable, copy them from the HTML version of this topic.

You use the scripts in this section to complete these tasks:

  • Upload a CSV file containing user information to the environment.

  • Create users in the identity domain and assign unique password for each user.

  • Delete the uploaded CSV file from the environment.

Note:

You need both Service Administrator and Identity Domain Administrator roles to run this script.

To create many users, each with a unique password:

  1. Create a CSV file containing user information. File format is as follows:

    First Name,Last Name,Email,User Login,Password
    Jane,Doe,jane.doe@example.com,jdoe,P@ssword1
    John,Doe,john.doe@example.com,john.doe@example.com,P@ssword2

    Save the file, for example, as users.csv, and store it in the directory where you store the script files that will be created in the following steps.

  2. Copy the script from one of the following sections to a file and save it, for example, as addusers.ps1 (Windows) or ./epmautomate/bin/addusers.sh (Linux/UNIX).

  3. Windows only: Create a batch file named addusers.bat by copying the following script into a file. Save the file in the directory where users.CSV is stored.

    @echo off
    set paramRequiredMessage=Syntax: addusers.bat "FILENAME" "[resetPassword=true|false]"
    
    set adminusername="ADMIN_USER_NAME"
    set adminpassword="ADMIN_PASSWORD"
    set url="URL"
    set identitydomain="IDENTITY_DOMAIN"
    
    set dirpath=%~dp0
    echo %dirpath:~0,-1%
    cd %dirpath:~0,-1%
    set resetpassword=%~2
    
    if "%~1" == "" (
            echo File Name is missing.
            echo %paramRequiredMessage%
            exit /b 1
      )
    if "%resetpassword%" == "" (
            set resetpassword="resetPassword=true"
      )
    
    PowerShell.exe -File addusers.ps1 %~1 %resetpassword% %adminusername% %adminpassword% %url% %identitydomain%
  4. Modify addusers.bat (Windows) or addusers.sh (Linux/UNIX) to set the values for the parameters in the following table.

    Table 3-1 Variable Values to Include in Scripts

    Variable Description
    adminusername User name of a Service Administrator who is also assigned the Identity Domain Administrator role.

    Examples:

    Windows: set adminusername="jDoe"

    Linux/UNIX: adminusername="John.Doe"

    adminpassword Password of the Service Administrator or the location of the encrypted password file. See the encrypt command for information on creating an encrypted password file. If the password contains special characters, see Handling Special Characters.

    Examples:

    Windows: set adminpassword = "Example"

    Linux/UNIX: adminpassword="Example"

    url The URL of the EPM Cloud environment.

    Examples:

    Windows: set url="https://example.oraclecloud.com"

    Linux/UNIX: url="https://example.oraclecloud.com"

    identitydomain Name of the identity domain that services the environment.

    Examples:

    Windows: set identitydomain="example"

    Linux/UNIX: identitydomain="example"

  5. For addusers.sh only: Ensure that the following values are set correctly for your system:

    • javahome
    • Location of epmautomatescript.sh by updating the value of epmautomatescript directive
  6. Run addusers.bat (which executes addusers.ps1) or addusers.sh from the directory where the scripts are stored, execute the following command:

    Windows: addusers.bat "fileName.csv" ["resetPassword=true|false"].

    Linux/UNIX: ./addusers.sh "fileName.csv" ["resetPassword=true|false"] where:

    • fileName.csv is the name of the CSV file containing user information.

      Windows only: This parameter and its value must be enclosed in double quotation marks.

    • resetpassword is an optional parameter indicating whether you want to force users to change their passwords after the first login. Default, true, is recommended.

      Windows only: This parameter and its value must be enclosed in double quotation marks.

Examples:

  • Windows: addusers.bat "users.csv" "resetPassword=false"

  • Linx/UNIX: ./addusers.sh users.csv resetPassword=false

PowerShell Script (adduser.ps1)

# Add users script

$inputfile=$args[0]
$resetpassword=$args[1]
$adminusername=$args[2]
$adminpassword=$args[3]
$url=$args[4]
$identitydomain=$args[5]

# Generic variables
$datedefaultformat=$(get-date)
$global:addusersfile="addusers.csv"
$logfile="addusers.log"

function LogMessage
{
    $message=$args[0]

    echo "$message" >> $logfile
}

function EchoAndLogMessage
{
    $message=$args[0]

    echo "$message"
    echo "$message" >> $logfile
}

function Init
{
    $logfileexists=Test-Path $logfile
    if ($logfileexists) {
        rm $logfile 2>&1 | out-null
    }
    
    if ($inputfile -eq $addusersfile) {
        $global:addusersfile="addusers-tmp.csv"
    }
}

function Coda
{
    $addusersfileexists=Test-Path $addusersfile
    if ($addusersfileexists) {
        rm $addusersfile 2>&1 | out-null
    }
}

function ValidateInputFile
{
    $inputfileheader=Get-Content $inputfile | Select -Index 0
    $inputfilefirstrecord=Get-Content $inputfile | Select -Index 1

    if ($inputfileheader -notlike "*First Name,Last Name,Email,User Login,Password*") {
        EchoAndLogMessage "File ${inputfile} does not contain correct header: `"First Name,Last Name,Email,User Login,Password`". Please correct before re-running script. Exiting."
        exit
    }

    $elements=$inputfilefirstrecord -split ","
    $firstname=$elements[0]
    $lastname=$elements[1]
    $email=$elements[2]
    $username=$elements[3]
    $password=$elements[4]

    if ([string]::IsNullOrEmpty($firstname)) {
        EchoAndLogMessage "The first record of file ${inputfile} contains an empty first name. Please correct before re-running script. Exiting."
        exit
    } elseif ([string]::IsNullOrEmpty($lastname)) {
        EchoAndLogMessage "The first record of file ${inputfile} contains an empty last name. Please correct before re-running script. Exiting."
        exit
    } elseif ([string]::IsNullOrEmpty($email)) {
        EchoAndLogMessage "The first record of file ${inputfile} contains an empty email address. Please correct before re-running script. Exiting."
        exit
    } elseif ([string]::IsNullOrEmpty($username)) {
        EchoAndLogMessage "The first record of file ${inputfile} contains an empty user login. Please correct before re-running script. Exiting."
        exit
    } elseif ([string]::IsNullOrEmpty($password)) {
        EchoAndLogMessage "The first record of file ${inputfile} contains an empty password. Please correct before re-running script. Exiting."
        exit
    }
}

function ValidateInput
{
    $inputfileexists=Test-Path $inputfile
    if (!($inputfileexists)) {
        EchoAndLogMessage "Could not locate required file ${inputfile}"
        EchoAndLogMessage "Syntax: addusers.bat FILENAME [resetPassword=true|false]"
        EchoAndLogMessage "Exiting now."
        exit
    }

    ValidateInputFile
}

function ProcessCommand
{
    $op=$args
    echo "EPM Automate operation: epmautomate.bat $op" >> $logfile
    epmautomate.bat $op >> $logfile 2>&1
    if ($LASTEXITCODE -ne 0) {
        echo "EPM Automate operation failed: epmautomate.bat $op. See $logfile for details."
    }
}

function processInputFile
{
    $infile=$args[0]
    EchoAndLogMessage "Running: EPMAutomate login ${adminusername} ${adminpassword} ${url} ${identitydomain}"
    ProcessCommand login ${adminusername} ${adminpassword} ${url} ${identitydomain}
    Get-Content $infile | ForEach-Object {
        $fullpath=$_.trim()
        $elements=$fullpath.split(',')
        $firstname=$elements[0]
        $lastname=$elements[1]
        $email=$elements[2]
        $username=$elements[3]
        $password=$elements[4]

        if ($firstname -eq "First Name") {
            return
        } else {
            EchoAndLogMessage "Creating add users file: ${addusersfile}"
            echo "First Name,Last Name,Email,User Login" > ${addusersfile}
            echo "${firstname},${lastname},${email},${username}" >> ${addusersfile}
            $txt = [io.file]::ReadAllText("$addusersfile") -replace "`r`n","`n"
            [io.file]::WriteAllText("$addusersfile", $txt)
        }

        LogMessage "Contents of add users file:"
        cat ${addusersfile} >> ${logfile}
        EchoAndLogMessage "Running: EPMAutomate uploadFile ${addusersfile}"
        ProcessCommand uploadFile ${addusersfile}
        EchoAndLogMessage "Running: EPMAutomate addUsers ${addusersfile} userPassword=${password} $resetPassword"
        ProcessCommand addUsers ${addusersfile} userPassword=${password} ${resetpassword}
        EchoAndLogMessage "Running: EPMAutomate deleteFile ${addusersfile}"
        ProcessCommand deleteFile ${addusersfile}
    }

    EchoAndLogMessage "Running: EPMAutomate logout"
    ProcessCommand logout
}

Init
EchoAndLogMessage "$datedefaultformat"
EchoAndLogMessage "Addusers script started"
ValidateInput
ProcessInputFile "${inputfile}"
Coda
EchoAndLogMessage "Addusers script completed"
EchoAndLogMessage "$datedefaultformat"

Bash Shell Script (addusers.sh)

#!/bin/sh

inputfile=$1
resetpasswordvalue=$2
addusersfile="addusers.csv"
logfile="addusers.log"

# UPDATE VALUES FOR YOUR TEST ENVIRONMENT
javahome=/home/user1/jdk1.8.0_191
epmautomatescript=/home/user1/epmautomate/bin/epmautomate.sh
adminusername=adminuser1
adminpassword=adminpassword1
url=https://planning-a12345.pbcs.us2.oraclecloud.com
identitydomain=""

export JAVA_HOME=${javahome}

init()
{
    if [ -f "${logfile}" ]
    then
        rm ${logfile}
    fi

    if [ "${inputfile}" == "${addusersfile}" ]
    then
        addusersfile="addusers-tmp.csv"
    fi
}

coda()
{
    if [ -f "${addusersfile}" ]
    then
        rm ${addusersfile}
    fi
}

validateInputFile()
{
    local inputfileheader=$(head -n 1 ${inputfile})
    local inputfilefirstrecord=$(head -n 2 ${inputfile} | tail -n 1)

    if [[ "${inputfileheader}" != *"First Name,Last Name,Email,User Login,Password"* ]]
    then
        echo "File ${inputfile} does not contain correct header: \"First Name,Last Name,Email,User Login,Password\". Please correct before re-running script. Exiting." | tee -a ${logfile}
        exit
    fi

    local firstname=$(echo "${inputfilefirstrecord}" | cut -d',' -f1)
    local lastname=$(echo "${inputfilefirstrecord}" | cut -d',' -f2)
    local email=$(echo "${inputfilefirstrecord}" | cut -d',' -f3)
    local userlogin=$(echo "${inputfilefirstrecord}" | cut -d',' -f4)
    local password=$(echo "${inputfilefirstrecord}" | cut -d',' -f5)

    if [[ "${firstname}" == "" ]]
    then
        echo "The first record of file ${inputfile} contains an empty first name. Please correct before re-running script. Exiting." | tee -a ${logfile}
        exit
    elif [[ "${lastname}" == "" ]]
    then
        echo "The first record of file ${inputfile} contains an empty last name. Please correct before re-running script. Exiting." | tee -a ${logfile}
        exit
    elif [[ "${email}" == "" ]]
    then
        echo "The first record of file ${inputfile} contains an empty email address. Please correct before re-running script. Exiting." | tee -a ${logfile}
        exit
    elif [[ "${userlogin}" == "" ]]
    then
        echo "The first record of file ${inputfile} contains an empty user login. Please correct before re-running script. Exiting." | tee -a ${logfile}
        exit
    elif [[ "${password}" == "" ]]
    then
        echo "The first record of file ${inputfile} contains an empty password. Please correct before re-running script. Exiting." | tee -a ${logfile}
        exit
    fi
}

validateInput()
{
    if [ ! -f "${inputfile}" ]
    then
        echo "Could not locate required file ${inputfile}" | tee -a ${logfile}
        echo "Syntax: addusers.sh FILENAME [resetPassword=true|false]" | tee -a ${logfile}
        echo "Exiting now." | tee -a ${logfile}
        exit
    fi

    if [ ! -z "$(tail -c 1 "${inputfile}")" ]
    then
        echo "No newline found at end of file ${inputfile}. Adding newline to end of file." >> ${logfile}
        echo "" >> ${inputfile}
    fi

    validateInputFile

    if [[ "${resetpasswordvalue}" != "" ]]
    then
        resetpasswordvalue=$(echo "${resetpasswordvalue}" | cut -d'=' -f2)
    else
        resetpasswordvalue="true"
    fi
}

processInputFile()
{
    echo "Running: EPMAutomate login ${adminusername} ${adminpassword} ${url} ${identitydomain}" | tee -a ${logfile}
    ${epmautomatescript} login ${adminusername} ${adminpassword} ${url} ${identitydomain} >> ${logfile}

    while read line
    do
        firstname=$(echo "${line}" | cut -d',' -f1)
        lastname=$(echo "${line}" | cut -d',' -f2)
        email=$(echo "${line}" | cut -d',' -f3)
        username=$(echo "${line}" | cut -d',' -f4)
        password=$(echo "${line}" | cut -d',' -f5)

        if [[ "${firstname}" != "First Name" ]]
        then
            echo "Creating add users file: ${addusersfile}" | tee -a ${logfile}
            echo "First Name,Last Name,Email,User Login" > ${addusersfile}
            echo "${firstname},${lastname},${email},${username}" >> ${addusersfile}
        else
            continue
        fi

        echo "Contents of add users file:" >> ${logfile}
        cat ${addusersfile} >> ${logfile}
        echo "Running: EPMAutomate uploadFile ${addusersfile}" | tee -a ${logfile}
        ${epmautomatescript} uploadFile ${addusersfile} >> ${logfile}
        echo "Running: EPMAutomate addUsers ${addusersfile} userPassword=${password} resetPassword=${resetpasswordvalue}" | tee -a ${logfile}
        ${epmautomatescript} addUsers ${addusersfile} userPassword=${password} resetPassword=${resetpasswordvalue} >> ${logfile}
        echo "Running: EPMAutomate deleteFile ${addusersfile}" | tee -a ${logfile}
        ${epmautomatescript} deleteFile ${addusersfile} >> ${logfile}
    done < ${inputfile}

    echo "Running: EPMAutomate logout" | tee -a ${logfile}
    ${epmautomatescript} logout >> ${logfile}
}

init
date | tee ${logfile}
echo "Addusers script started" | tee -a ${logfile}
validateInput
processInputFile "${inputfile}"
coda
echo "Addusers script completed" | tee -a ${logfile}
date | tee -a ${logfile}