Replicating Predefined Role Assignments from One Environment to Another

Use the scripts in this section to clone predefined role assignments from one environment to another. The user running these scripts must have Service Administrator role in both environments.

Note:

If you are using the PDF version of this document: To avoid line breaks and footer information that will render these scripts unusable, copy them from the HTML version of this topic.

Windows

Create replicatepredefineroles.ps1 by copying the following script.

# Replicate predefined roles script

param(
  [string]$epmusersource,
  [string]$epmpwdsource,
  [string]$epmurlsource,
  [string]$epmidentitydomainsource,
  [string]$epmusertarget,
  [string]$epmpwdtarget,
  [string]$epmurltarget,
  [string]$epmidentitydomaintarget,
  [string]$proxyserverusername,
  [string]$proxyserverpassword,
  [string]$proxyserverdomain,
  [string]$emailtoaddress
)

$roleassignmentreport="roleassignmentreport.csv"

function replicateroles
{
    # epmautomate login Source App as an IDM Admin
    echo "Logging into source application at ${epmurlsource}"
    epmautomate login ${epmusersource} ${epmpwdsource} ${epmurlsource} ${epmidentitydomainsource} ${proxyserverusername} ${proxyserverpassword} ${proxyserverdomain}
    echo "Creating role assignment report: ${roleassignmentreport}"
    epmautomate roleAssignmentReport ${roleassignmentreport}
    if (${emailtoaddress} -match "@") {
        epmautomate.bat sendMail $emailtoaddress "Role assignment report" Body="Role assignment report is attached." Attachments=$roleassignmentreport
    }
    echo "Downloading role assignment report"
    epmautomate downloadfile ${roleassignmentreport}
    epmautomate deletefile ${roleassignmentreport}
    epmautomate logout

    echo "Creating files to use with epmautomate assignRoles"

    Get-Content ${roleassignmentreport} | ForEach-Object {
        $user=$_.split(',')[0]
        $rolename=$_.split(',')[4]

        if ($rolename -like '*User' -And $rolename -notlike '*Power User') {
            $rolenamearray=$rolename.split(" ")
            $arraysize=$rolenamearray.count
            $rolename="User"
            if ($arraysize.count -le 2) {
                echo "${user}" | Out-File -Append -Encoding "UTF8" "role-${rolename}.csv" 
            }
        }
        elseif ($rolename -like '*Viewer') {
            $rolenamearray=$rolename.split(" ")
            $arraysize=$rolenamearray.count
            $rolename="Viewer"
            if ($arraysize -le 2) {
                echo "${user}" | Out-File -Append -Encoding "UTF8" "role-${rolename}.csv" 
            }
        }
        elseif ($rolename -like '*Power User') {
            $rolenamearray=$rolename.split(" ")
            $arraysize=$rolenamearray.count
            $rolename="Power User"
            if ($arraysize -le 3) {
                echo "${user}" | Out-File -Append -Encoding "UTF8" "role-${rolename}.csv" 
            }
        }
        elseif ($rolename -like '*Service Administrator') {
            $rolenamearray=$rolename.split(" ")
            $arraysize=$rolenamearray.count
            $rolename="Service Administrator"
            if ($arraysize -le 3) {
                echo "${user}" | Out-File -Append -Encoding "UTF8" "role-${rolename}.csv" 
            }
        }
        elseif ($rolename -like 'Planner') {
            echo "${user}" | Out-File -Append -Encoding "UTF8" "role-User.csv" 
        }
    }

    # Add header and format
    $rolefiles = Get-ChildItem "role-*.csv"
    foreach ($rolefile in $rolefiles) {
        $rolefilecontent = Get-Content "$rolefile" 
        $headerline='User Login'
        Set-Content $rolefile -value $headerline,$rolefilecontent
        $txt = [io.file]::ReadAllText("$rolefile") -replace "`r`n","`n"
        [io.file]::WriteAllText("$rolefile", $txt)
    }

    # epmautomate login Target App as an IDM Admin
    echo "Logging into target application at ${epmurltarget}"
    epmautomate login ${epmusertarget} ${epmpwdtarget} ${epmurltarget} ${epmidentitydomaintarget} ${proxyserverusername} ${proxyserverpassword} ${proxyserverdomain}

    $rolefiles = Get-ChildItem "role-*.csv"
    foreach ($rolefile in $rolefiles) {
        $rolenamecsv=$rolefile.BaseName.split('-')[1]
        $rolename=$rolenamecsv.split('.')[0]
        epmautomate deletefile "${rolefile}" | Out-Null
        echo "Uploading file ${rolefile}"
        epmautomate uploadfile "${rolefile}"
        echo "Assigning ${rolename} roles"
        epmautomate assignRole "role-${rolename}.csv" "${rolename}"
        epmautomate deletefile "role-${rolename}.csv"
    }
    epmautomate logout
    rm deletefile*.log | Out-Null
}

function init
{
    # delete ${role}.csv files
    $rolefiles = Get-ChildItem "role-*.csv"
    foreach ($rolefile in $rolefiles) {
        $rolefileexists=Test-Path $rolefile
        if ($rolefileexists) {
            rm "${rolefile}"
        }
    }
}

echo "Replicate predefined roles script started"
init
replicateroles
echo "Replicate predefined roles script completed"

Create replicatepredefineroles.bat by copying the following script.

@ECHO OFF
SET thisdir=%~dp0
SET scriptpath=%thisdir%replicatepredefinedroles.ps1

REM USER DEFINED VARIABLES
REM -----------------------
set epmusersource="<EPM USER FOR SOURCE ENVIRONMENT>"
set epmpwdsource="<EPM PASSWORD FOR SOURCE ENVIRONMENT>"
set epmurlsource="<EPM URL FOR SOURCE ENVIRONMENT>"
set epmidentitydomainsource="<EPM IDENTITY DOMAIN FOR SOURCE ENVIRONMENT>"
set epmusertarget="<EPM USER FOR TARGET ENVIRONMENT>"
set epmpwdtarget="<EPM PASSWORD FOR TARGET ENVIRONMENT>"
set epmurltarget="<EPM URL FOR TARGET ENVIRONMENT>"
set epmidentitydomaintarget="<EPM IDENTITY DOMAIN FOR TARGET ENVIRONMENT>"
set proxyserverusername="<PROXY SERVER USER NAME>"
set proxyserverpassword="<PROXY SERVER PASSWORD>"
set proxyserverdomain="<PROXY SERVER DOMAIN>"
set emailtoaddress="<EMAIL_TO_ADDRESS>"
REM -----------------------

PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& '%scriptpath%' -epmusersource '%epmusersource%' -epmpwdsource '%epmpwdsource%' -epmurlsource '%epmurlsource%' -epmidentitydomainsource '%epmidentitydomainsource%' -epmusertarget '%epmusertarget%' -epmpwdtarget '%epmpwdtarget%' -epmurltarget '%epmurltarget%' -epmidentitydomaintarget '%epmidentitydomaintarget%' -proxyserverusername '%proxyserverusername%' -proxyserverpassword '%proxyserverpassword%' -proxyserverdomain '%proxyserverdomain%' -emailtoaddress '%emailtoaddress%'"

Update replicatepredefineroles.bat as needed. See the following table for information on the values you must set for the properties in this file.

Updating replicatepredefineroles.bat

Parameter	Description
`epmusersource`	User name of a user with Identity Domain Administrator and Service Administrator roles in the source environment. Examples: Windows: `set epmusersource="jDoe"` Linux/UNIX: `epmusersource="jDoe"`
`epmpwdsource`	Password of the user or the absolute path of the encrypted password file. Examples: Windows: `set epmpwdsource="Example"` Linux/UNIX: `epmpwdsource="Example"`
`epmurlsource`	URL of the environment from which users are to be copied. Examples: Windows: `set epmurlsource="https://example.oraclecloud.com"` Linux/UNIX: `epmurlsource="https://example.oraclecloud.com"`
`epmidentitydomainsource`	Name of the identity domain used by the source environment. Examples: Windows: `set epmidentitydomainsource="example_source_dom"` Linux/UNIX: `epmidentitydomainsource="example_source_dom"`
`epmusertarget`	User name of a user with Identity Domain Administrator and Service Administrator roles in the target environment. Examples: Windows: `set epmusertarget="John.Doe"` Linux/UNIX: `set epmusertarget="John.Doe"`
`epmpwdtarget`	Password of the user or the absolute path of the encrypted password file. Examples: Windows: `set epmpwdtarget="Example1"` Linux/UNIX: `epmpwdtarget="Example1"`
`epmurltarget`	URL of the environment in which users are to be created. Examples: Windows: `set epmurltarget="https://example.oraclecloud.com"` Linux/UNIX: `epmurltarget="https://example.oraclecloud.com"`
`epmidentitydomaintarget`	Name of the identity domain used by the target environment. Examples: Windows: `set epmidentitydomaintarget="example_target_dom"` Linux/UNIX: `epmidentitydomaintarget="example_target_dom"`
`proxyserverusername`	The user name to authenticate a secure session with the proxy server that controls access to the internet. Delete all occurrence of this property if not used. Examples: Windows: `set proxyserverusername="Example"` Linux/UNIX: `proxyserverusername="Example"`
`proxyserverpassword`	The password to authenticate the user with the proxy server. Delete all occurrence of this property if not used. Examples: Windows: `set proxyserverpassword="examplePwd"` Linux/UNIX: `proxyserverpassword="examplePwd"`
`proxyserverdomain`	The name of the domain defined for the proxy server. Delete all occurrence of this property if not used. Examples: Windows: `set proxyserverdomain="exampleDom"` Linux/UNIX: `proxyserverdomain="exampleDom"`
`emailtoaddress`	Optionally, the email address to which the Role Assignment report is to be sent. The report is emailed only if this value is specified. Example: `emailtoaddress=john.doe@example.com`

Linux/UNIX

Create replicatepredefineroles.sh by copying the following script.

#!/bin/sh

# USER DEFINED VARIABLES
#-----------------------
javahome="<JAVA HOME>"
epmautomatescript="<EPM AUTOMATE SCRIPT LOCATION>"
epmusersource="<EPM USER FOR SOURCE ENVIRONMENT>"
epmpwdsource="<EPM PASSWORD FOR SOURCE ENVIRONMENT>"
epmurlsource="<EPM URL FOR SOURCE ENVIRONMENT>"
epmidentitydomainsource="<EPM IDENTITY DOMAIN FOR SOURCE ENVIRONMENT>"
epmusertarget="<EPM USER FOR TARGET ENVIRONMENT>"
epmpwdtarget="<EPM PASSWORD FOR TARGET ENVIRONMENT>"
epmurltarget="<EPM URL FOR TARGET ENVIRONMENT>"
epmidentitydomaintarget="<EPM IDENTITY DOMAIN FOR TARGET ENVIRONMENT>"
proxyserverusername="<PROXY SERVER USER NAME>"
proxyserverpassword="<PROXY SERVER PASSWORD>"
proxyserverdomain="<PROXY SERVER DOMAIN>"
emailtoaddress="<EMAIL TO ADDRESS>"
#-----------------------

roleassignmentreport="roleassignmentreport.csv"

export JAVA_HOME=${javahome}


replicateroles()
{
    # epmautomate login Source App as an DM Admin
    echo "Logging into source application at ${epmurlsource}"
    ${epmautomatescript} login ${epmusersource} ${epmpwdsource} ${epmurlsource} ${epmidentitydomainsource} ${proxyserverusername} ${proxyserverpassword} ${proxyserverdomain}
    echo "Creating role assignment report: ${roleassignmentreport}"
    ${epmautomatescript} roleAssignmentReport ${roleassignmentreport}
    if [[ "${emailtoaddress}" == *"@"* ]]
    then
        ${epmautomatescript} sendMail $emailtoaddress "Role assignment report" Body="Role assignment report is attached." Attachments=$roleassignmentreport
    fi
    echo "Downloading role assignment report"
    ${epmautomatescript} downloadfile ${roleassignmentreport}
    ${epmautomatescript} deletefile ${roleassignmentreport}
    ${epmautomatescript} logout

    echo "Creating files to use with epmautomate assignRoles"
    while read line
    do
        user=$(echo "${line}" | cut -d',' -f1)
        rolename=$(echo "${line}" | cut -d',' -f5)

        if [[ "$rolename" == *"User" ]] && [[ "$rolename" != "*Power User" ]]
        then
            count=$(echo "${rolename}" | wc -w);
            rolename="User"
            if [[ $count -le 2 ]]
            then
                echo "${user}" >> "role-${rolename}.csv" 
            fi
        elif [[ "$rolename" == *"Viewer" ]] 
        then
            count=$(echo "${rolename}" | wc -w);
            rolename="Viewer"
            if [[ $count -le 2 ]]
            then
                echo "${user}" >> "role-${rolename}.csv" 
            fi
        elif [[ "$rolename" == *"Power User" ]] 
        then
            count=$(echo "${rolename}" | wc -w);
            rolename="Power User"
            if [[ $count -le 3 ]]
            then
                echo "${user}" >> "role-${rolename}.csv" 
            fi
        elif [[ "$rolename" == *"Service Administrator" ]] 
        then
            count=$(echo "${rolename}" | wc -w);
            rolename="Service Administrator"
            if [[ $count -le 3 ]]
            then
                echo "${user}" >> "role-${rolename}.csv" 
            fi
        elif [[ "$rolename" == "Planner" ]] 
        then
                echo "${user}" >> "role-User.csv" 
        fi
    done < ${roleassignmentreport}

    # write header line
    for f in role-*.csv
    do
        sed -i '1iUser Login' "$f"
    done

    # epmautomate login Target App as an IDM Admin
    echo "Logging into target application at ${epmurltarget}"
    ${epmautomatescript} login ${epmusertarget} ${epmpwdtarget} ${epmurltarget} ${epmidentitydomaintarget} ${proxyserverusername} ${proxyserverpassword} ${proxyserverdomain}

    for rolefile in role-*.csv
    do
        rolenamecsv=$(echo "$rolefile" | cut -d'-' -f2)
        rolename=$(echo "$rolenamecsv" | cut -d'.' -f1)
        ${epmautomatescript} deletefile "${rolefile}" > /dev/null 2>&1
        echo "Uploading file ${rolefile}"
        ${epmautomatescript} uploadfile "${rolefile}"
        echo "Assigning roles"
        ${epmautomatescript} assignrole "${rolefile}" "${rolename}"
        ${epmautomatescript} deletefile "${rolefile}"
    done

    ${epmautomatescript} logout
    rm deletefile*.log > /dev/null 2>&1
}

init()
{
    # delete role-${role}.csv files
    for f in role-*.csv
    do
        rm "$f" > /dev/null 2>&1
    done
}

echo "Replicate predefined roles script started"
init
replicateroles
echo "Replicate predefined roles script completed"

Update replicatepredefineroles.sh. See the preceding table for information on the values you must specify. Additionally, you must specify the values for these properties:
- javahome: the absolute path to the directory where Java is installed.
- epmautomatescript: Location of epmautomatescript.sh; for example, epmautomatescript="/home/user1/epmautomate/bin/epmautomate.sh"