Create Users and Assign Them to Predefined Roles
Use the scripts in this section to create users and assign them to predefined roles in the identity domain.
- Sign in to the environment as a Service Administrator with the Identity Domain Administrator role.
- Export groups and membership information from the environment to regenerate a snapshot that you specify; for example, example_snapshot.zip. It is assumed that you previously exported Groups and Membership artifacts using Migration to create this snapshot.
- Download the snapshot (example_snapshot.zip) to a local directory.
- Delete the snapshot (example_snapshot.zip) from the environment.
- Sign out of the environment.
- Perform operations for which you added custom code. Such operations may include:
  - Extracting the contents of example_snapshot.zip
  - Appending new user information to HSS-Shared Services\resource\External Directory\Users.csv in First Name,Last Name,Email,User Login format. For detailed information, see Importing a Batch of User Accounts in Getting Started with Oracle Cloud.
  - Appending information about role assignments of new users (in First Name,Last Name,Email,User Login format) to appropriate roles file(s) in HSS-Shared Services\resource\External Directory\Roles\. For example, assignment to Service Administrator role should be appended to <service_name> Service Administrator.csv while assignments to Viewer role should be appended to HSS-Shared Services\resource\External Directory\Roles\<service_name> Viewer.csv. For detailed information, see Assigning One Role to Many Users in Getting Started with Oracle Cloud.
  - Recreating the snapshot with the updated files by zipping the HSS-Shared Services directory and its contents.
- Sign in to the environment as a Service Administrator who also has the Identity Domain Administrator role.
- Upload the modified example_snapshot.zip to the environment.
- Import example_snapshot.zip into the environment.
- Delete the uploaded example_snapshot.zip from the environment.
- Sign out.
Windows Sample Script
Create a file named createUsersAndAssignRoles.ps1 by copying the following script. Store it in a local directory.

```powershell
# Read connection and import settings from input.properties in the current directory
$inputproperties = ConvertFrom-StringData(Get-Content ./input.properties -raw)
$username="$($inputproperties.username)"
$passwordfile="$($inputproperties.passwordfile)"
$serviceURL="$($inputproperties.serviceURL)"
$snapshotName="$($inputproperties.snapshotName)"
$userspassword="$($inputproperties.userspassword)"
$resetPassword="$($inputproperties.resetPassword)"

# Session 1: export the snapshot, download it, and remove it from the environment
epmautomate login ${username} ${passwordfile} ${serviceURL}
epmautomate exportsnapshot ${snapshotName}
epmautomate downloadfile ${snapshotName}.zip
epmautomate deletefile ${snapshotName}.zip
epmautomate logout

# Add custom code to extract the contents of example_snapshot.zip
# Add custom code to append new user information to HSS-Shared Services\resource\External Directory\Users.csv
# Optional: Add custom code to append role information to the appropriate role file(s) in HSS-Shared Services\resource\External Directory\Roles\
# Add custom code to zip HSS-Shared Services and its contents as example_snapshot.zip

# Session 2: upload the modified snapshot, import it, and remove the uploaded copy
epmautomate login ${username} ${passwordfile} ${serviceURL}
epmautomate uploadfile ${snapshotName}.zip
epmautomate importsnapshot ${snapshotName} userPassword=${userspassword} resetPassword=${resetPassword}
epmautomate deletefile ${snapshotName}.zip
epmautomate logout
```
Linux/UNIX Sample Script
Create a file named createUsersAndAssignRoles.sh by copying the following script. Store it in a local directory.

```bash
#!/bin/bash
# input.properties is sourced, so its contents run as shell code in this script
. ./input.properties
export JAVA_HOME=${javahome}

# Session 1: export the snapshot, download it, and remove it from the environment
${epmautomatescript} login "${username}" "${passwordfile}" "${serviceURL}"
${epmautomatescript} exportsnapshot "${snapshotName}"
${epmautomatescript} downloadfile "${snapshotName}.zip"
${epmautomatescript} deletefile "${snapshotName}.zip"
${epmautomatescript} logout

# Add custom code to extract the contents of example_snapshot.zip
# Add custom code to append new user information to HSS-Shared Services\resource\External Directory\Users.csv
# Optional: Add custom code to append role information to the appropriate role file(s) in HSS-Shared Services\resource\External Directory\Roles\
# Add custom code to zip HSS-Shared Services and its contents as example_snapshot.zip

# Session 2: upload the modified snapshot, import it, and remove the uploaded copy
${epmautomatescript} login "${username}" "${passwordfile}" "${serviceURL}"
${epmautomatescript} uploadfile "${snapshotName}.zip"
${epmautomatescript} importsnapshot "${snapshotName}" "userPassword=${userspassword}" "resetPassword=${resetPassword}"
${epmautomatescript} deletefile "${snapshotName}.zip"
${epmautomatescript} logout
```
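One way to fill in the "Add custom code" steps of the Linux/UNIX script, shown as an added example that is not Oracle's code: it validates each new user row, skips logins that already exist, and only writes to role files on an allow-list. The `add_user` and `append_row` helpers, the `ALLOWED_ROLES` policy, the `work` directory and the `/`-separated extracted path are assumptions.

```shell
#!/bin/sh
# Added example, not Oracle's code. Assumes the snapshot was extracted on
# Linux/UNIX, so the paths from this page use "/" as the separator.
EXT_DIR="HSS-Shared Services/resource/External Directory"
ALLOWED_ROLES="|Viewer|"   # assumption: local policy, "|"-separated; extend deliberately
NL='
'

# Reject empty values, values that break the four-column layout, and values
# that a spreadsheet would evaluate as a formula when the CSV is reviewed.
valid_field() {
  case "$1" in
    ''|*,*|*\"*|*"$NL"*|[+=@-]*) return 1 ;;
  esac
}

# append_row FILE ROW LOGIN: append ROW unless LOGIN already appears in column 4.
append_row() {
  [ -f "$1" ] || { echo "not in snapshot: $1" >&2; return 2; }
  if awk -F, -v l="$3" '{sub(/\r$/,"")} tolower($4)==tolower(l){f=1} END{exit !f}' "$1"; then
    return 0                                   # re-runs do not duplicate accounts
  fi
  [ -z "$(tail -c 1 "$1")" ] || echo >> "$1"   # terminate an unterminated last row
  printf '%s\n' "$2" >> "$1"
}

# add_user ROOT FIRST LAST EMAIL LOGIN [SERVICE ROLE]
add_user() {
  row="$2,$3,$4,$5"; role_file=
  for field in "$2" "$3" "$4" "$5"; do
    valid_field "$field" || { echo "rejected field: $field" >&2; return 1; }
  done
  case "$4" in ?*@?*.?*) ;; *) echo "rejected email: $4" >&2; return 1 ;; esac
  if [ -n "${7:-}" ]; then
    case "$ALLOWED_ROLES" in *"|$7|"*) ;; *) echo "role not allowed: $7" >&2; return 1 ;; esac
    case "${6:-}" in ''|*/*) echo "bad service name: ${6:-}" >&2; return 1 ;; esac
    role_file="$1/$EXT_DIR/Roles/$6 $7.csv"
    [ -f "$role_file" ] || { echo "not in snapshot: $role_file" >&2; return 2; }
  fi
  append_row "$1/$EXT_DIR/Users.csv" "$row" "$5" || return
  [ -z "$role_file" ] || append_row "$role_file" "$row" "$5"
}

# Use in createUsersAndAssignRoles.sh between the two EPM Automate sessions:
#   unzip -q "${snapshotName}.zip" -d work
#   add_user work Jane Doe jane@example.com jdoe "<service_name>" Viewer
#   (cd work && zip -qr "../${snapshotName}.zip" "HSS-Shared Services")
```

The role file is checked before Users.csv is touched, so a rejected or missing role never leaves a new account behind without its intended assignment.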
Sample input.properties File
To run the createUsersAndAssignRoles scripts, create the input.properties file and update it with information for your environment. Save the file in the directory where createUsersAndAssignRoles.ps1 or createUsersAndAssignRoles.sh is stored.

Windows

```
username=exampleAdmin
passwordfile=examplePassword.epw
serviceURL=exampleURL
snapshotName=SNAPSHOT_NAME
userspassword=TEMP_IDM_PASSWORD
resetPassword=true
```

Linux/UNIX

```
javahome=JAVA_HOME
epmautomatescript=EPM_AUTOMATE_LOCATION
username=exampleAdmin
passwordfile=examplePassword.epw
serviceURL=exampleURL
snapshotName=SNAPSHOT_NAME
userspassword=TEMP_IDM_PASSWORD
resetPassword=true
```
Table 3-2 input.properties Parameters
Parameter | Description |
---|---|
javahome | JAVA_HOME location. For Linux/UNIX only. |
epmautomatescript | Absolute path of EPM Automate executable (epmautomate.sh). For Linux/UNIX only. |
username | User name of a Service Administrator, who also has the Identity Domain Administrator role. |
password | Password of the Service Administrator or the name and location of the encrypted password file. |
serviceURL | URL of the environment from which you want to generate the snapshot. |
snapshotName | A name for the snapshot you want to generate. It is assumed that you previously exported Groups and Membership artifacts using Migration to create this snapshot. |
userspassword | The initial password for new users. |
resetPassword | Whether the new users must reset their password on first login. Set this value to true to force new users to change their password when they log in for the first time. |
Running the Script
- Create createUsersAndAssignRoles.ps1 or createUsersAndAssignRoles.sh by copying the script from a preceding section.
- Add custom code to perform these operations:
  - Extract the contents of the snapshot.
  - Append new user information to HSS-Shared Services\resource\External Directory\Users.csv.
  - Optionally, append information about role assignments of new users (in First Name,Last Name,Email,User Login format) to appropriate roles file(s) in HSS-Shared Services\resource\External Directory\Roles\.
  - Recreate the snapshot with the updated files.
- Create the input.properties file and save it in the directory where the createUsersAndAssignRoles script is located. The contents of this file differ depending on your operating system. See Sample input.properties File. Make sure that you have write privileges in this directory. For Windows, you may need to start PowerShell using the Run as Administrator option to be able to run the script.
- Launch the script.
  - Windows PowerShell: run createUsersAndAssignRoles.ps1.
  - Linux/UNIX: run ./createUsersAndAssignRoles.sh.