Create Audit Reports of Users Assigned to Roles

Use the scripts in this section to automate the process of creating an audit report for users assigned to predefined roles in an environment and, optionally, email it to a recipient.

This audit report shows the users assigned to predefined roles or groups that changed since the last time the report was generated. To create a daily audit report, run this script on a daily basis.

Create provisioningAuditReport.bat by copying the following script. This wrapper batch script calls the PowerShell script provisioningAuditReport.ps1, the source code for which is provided later on in this scenario.

Note:

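  • Input parameters for running provisioningAuditReport.bat are: username, password or password_file, service_url, and report_email_to_address (optional, required only if you want to send the report to an email address). Prefer a password file over a plain-text password, because command-line arguments can be read from process listings and from any scheduled-task definition that stores them.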
  • If the password contains special characters, see Handling Special Characters.
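@echo off
rem Wrapper for provisioningAuditReport.ps1: checks that the three required
rem arguments are present, then hands the whole argument list to PowerShell.
rem
rem Arguments: USERNAME PASSWORD/PASSWORD_FILE URL [REPORT_EMAIL_TO_ADDRESS]
rem Exit code: 1 when a required argument is missing, otherwise the exit code
rem            returned by PowerShell.exe.
rem
rem NOTE(review): a plain-text password given here is visible in the process
rem command line and in any scheduler entry that stores it; prefer the
rem PASSWORD_FILE form.
set paramRequiredMessage=Syntax: provisioningAuditReport.bat USERNAME PASSWORD/PASSWORD_FILE URL [REPORT_EMAIL_TO_ADDRESS]

if "%~1" == "" (
  echo User Name is missing.
  echo %paramRequiredMessage%
  exit /b 1
  )
if "%~2" == "" (
  echo Password or Password_File is missing.
  echo %paramRequiredMessage%
  exit /b 1
  )
if "%~3" == "" (
  echo URL is missing.
  echo %paramRequiredMessage%
  exit /b 1
  )

rem %~dp0 is the directory of this batch file, so the script that runs is the
rem one installed next to the wrapper and not a same-named file in whatever
rem directory the caller happens to be in. The working directory is unchanged.
PowerShell.exe -File "%~dp0provisioningAuditReport.ps1" %*

rem Hand PowerShell's exit code back to the caller (scheduler, parent script).
exit /b %ERRORLEVEL%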

provisioningAuditReport.bat calls provisioningAuditReport.ps1, which you create by copying the following script.

provisioningAuditReport.ps1 creates the audit report. Place it in the same directory where provisioningAuditReport.bat is located.

# Positional arguments forwarded by provisioningAuditReport.bat.
$username             = $args[0]
$password             = $args[1]   # password or password file, exactly as supplied by the caller
$url                  = $args[2]
$reportemailtoaddress = $args[3]   # optional; $null when the caller gave only three arguments

# Two timestamps: a formatted string for file names and a DateTime for the report header.
$date              = Get-Date -Format 'dd_MM_yy_HH_mm_ss'
$datedefaultformat = Get-Date

# Output locations. Every path is relative to the current working directory.
$logdir    = './logs/'
$logfile   = "${logdir}/epmautomate-provisionauditreport-${date}.log"
$reportdir = './reports/'

# Name of the provisioning report requested from the service for this run.
$provisionreport = "provreport-audittest-${date}.csv"

# Working files: reduced copy of the report, its sorted unique lines, and the
# unique lines kept from the previous run (the comparison baseline).
$provisionreporttemp           = './provreport-audittest-temp.csv'
$provisionreportunique         = './provreport-audittest-unique.csv'
$provisionreportbaselineunique = './provreport-audittest-baseline-unique.csv'

# Writes one message to the output stream and appends the same text to $logfile.
# Arguments: first positional argument is the message; it is converted to a string.
function EchoAndLogMessage
{
  $text = "$($args[0])"
  Write-Output $text
  Write-Output $text >> $logfile
}

# Prepares the run: makes sure the log and report directories exist and removes
# a log file that already has this run's name. Errors and output from the
# create/remove commands are discarded.
function Init
{
  if (-not (Test-Path $logdir)) {
    mkdir $logdir 2>&1 | Out-Null
  }

  # A log with the same timestamped name would otherwise be appended to.
  if (Test-Path $logfile) {
    Remove-Item $logfile 2>&1 | Out-Null
  }

  if (-not (Test-Path $reportdir)) {
    mkdir $reportdir 2>&1 | Out-Null
  }
}

# Finishes the run: deletes the reduced working copy and promotes this run's
# unique-lines file to be the baseline for the next comparison, replacing any
# baseline that already exists.
function PostProcess
{
  Remove-Item $provisionreporttemp
  Move-Item -Force -Path $provisionreportunique -Destination $provisionreportbaselineunique
}

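# Runs one EPM Automate operation and records it in $logfile.
# Arguments: the operation name followed by its arguments, passed through to
#            epmautomate.bat unchanged.
# On a non-zero exit code from epmautomate.bat the script is terminated with
# that same code.
function ProcessCommand
{
  $op = $args

  # The log file and the console must never receive the credential. For the
  # login operation the third element is the password (or password file), so a
  # masked copy of the argument list is used for every message.
  $logop = $op.Clone()
  if (($logop.Count -gt 2) -and ($logop[0] -eq 'login')) {
    $logop[2] = '********'
  }

  echo "EPM Automate operation: epmautomate.bat $logop" >> $logfile
  epmautomate.bat $op >> $logfile 2>&1
  if ($LASTEXITCODE -ne 0) {
    echo "EPM Automate operation failed: epmautomate.bat $logop. See $logfile for details."
    # Pass the failure code on explicitly so a wrapper or scheduler can see
    # that the run did not complete.
    exit $LASTEXITCODE
  }
}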

# Signs in, asks the service to generate the provisioning report, downloads it,
# deletes the server-side copy and signs out. Each step goes through
# ProcessCommand, so the first failing step ends the script.
function RunEpmAutomateCommands
{
  EchoAndLogMessage "Running EPM Automate commands to generate the provisioning report."

  ProcessCommand login $username $password $url

  # The three report steps all take the report file name as their only argument.
  foreach ($step in 'provisionreport', 'downloadfile', 'deletefile') {
    ProcessCommand $step $provisionreport
  }

  ProcessCommand logout
}

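# Reduces the downloaded provisioning report to its first and third
# comma-separated fields, one output line per input line, and writes the result
# to $provisionreporttemp.
#
# The file is rewritten from scratch on every run. A working file left behind by
# a run that ended early (ProcessCommand exits the script on failure, before
# PostProcess deletes it) must not be appended to, or entries from that run
# would be mixed into the current snapshot and could hide removed assignments.
#
# NOTE(review): lines are split on every comma, so a quoted field that itself
# contains a comma would shift the columns - confirm the report never has one.
function CreateProvisionReportTempFile
{
  Get-Content $provisionreport | ForEach-Object {
    $elements = $_.split(',')
    "$($elements[0]),$($elements[2])"
  } > $provisionreporttemp
}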

# Sorts the reduced report and drops adjacent duplicate lines, writing the
# result to $provisionreportunique (overwriting any existing file).
function CreateUniqueElementsFile
{
  Get-Content -Path $provisionreporttemp |
    Sort-Object |
    Get-Unique > $provisionreportunique
}

# Creates the audit report when a baseline from an earlier run exists;
# otherwise only logs that no comparison is possible yet.
function CheckBaselineAndCreateAuditReport
{
  if (Test-Path $provisionreportbaselineunique) {
    CreateAuditReport
    return
  }

  # First run: there is nothing to compare against.
  EchoAndLogMessage "No existing provisioning report, so comparison with a baseline is not possible. Audit report will be created at the next test run."
}

# Sends the audit report by e-mail when a recipient address was supplied.
# Arguments: first positional argument is the path of the audit report file.
# Nothing is sent unless $reportemailtoaddress contains an "@".
function EmailAuditReport
{
  $reportpath = $args[0]

  # The file name is taken as the third "/"-separated element, which matches the
  # "./reports/<name>" form that CreateAuditReport builds.
  $reportname = $reportpath.split('/')[2]

  if ($reportemailtoaddress -notmatch '@') {
    return
  }

  EchoAndLogMessage "Emailing audit report"
  ProcessCommand login $username $password $url
  ProcessCommand uploadFile $reportpath
  ProcessCommand sendMail $reportemailtoaddress "Provisionining Audit Report" Body="Provisioning Audit Report is attached." Attachments=$reportname
  # Remove the uploaded copy from the service once the mail has been sent.
  ProcessCommand deleteFile $reportname
  ProcessCommand logout
}

# Compares this run's unique lines with the baseline and writes a text report
# listing what was added and what was removed, then passes the report to
# EmailAuditReport.
function CreateAuditReport
{
  $auditreport = "${reportdir}auditreport-${date}.txt"

  EchoAndLogMessage "Comparing previous provisioning report with the current report."
  $current  = Get-Content $provisionreportunique
  $baseline = Get-Content $provisionreportbaselineunique
  $compare  = Compare-Object $current $baseline

  # The current file is the reference side, so "<=" marks a line that exists
  # only in the current report (an addition) and "=>" a line that exists only
  # in the baseline (a deletion).
  $additions = @($compare | Where-Object { $_.sideindicator -eq '<=' } | ForEach-Object { $_.inputobject })
  $deletions = @($compare | Where-Object { $_.sideindicator -eq '=>' } | ForEach-Object { $_.inputobject })

  # Assemble the report in memory and write it in one go.
  $report = @(
    "Provisioning Audit Report for $datedefaultformat"
    "------------------------------------------------"
  )

  if ($additions.Count -ne 0) {
    $report += " ", "Additions:"
    $report += @($additions | ForEach-Object { "$_" })
  }

  if ($deletions.Count -ne 0) {
    $report += " ", "Deletions:"
    $report += @($deletions | ForEach-Object { "$_" })
  }

  if (($additions.Count -eq 0) -and ($deletions.Count -eq 0)) {
    $report += " ", "No changes from last audit report."
  }

  $report > $auditreport

  EchoAndLogMessage "Provisioning audit report has been generated: $auditreport."
  EmailAuditReport $auditreport
}

# Main sequence. The order matters: each step consumes the file written by the
# step before it.
Init
EchoAndLogMessage "Starting EPMAutomate provisioning audit reporting"
# Download the current provisioning report from the service.
RunEpmAutomateCommands
# Reduce the report to two fields per line, then to sorted unique lines.
CreateProvisionReportTempFile
CreateUniqueElementsFile
# Compare with the previous run's lines and, if a baseline exists, write
# (and optionally e-mail) the audit report.
CheckBaselineAndCreateAuditReport
# Promote this run's lines to be the next baseline. ProcessCommand exits the
# script when an EPM Automate operation fails, so after a failed e-mail step
# this line is not reached and the old baseline stays in place.
PostProcess
EchoAndLogMessage "EPMAutomate provisioning audit reporting completed"