Create Users and Assign Them to Predefined Roles

Use the scripts in this section to create users and assign them to predefined roles in the identity domain.

These scripts use EPM Automate commands to complete these activities:
  • Sign in to the environment as a Service Administrator with the Identity Domain Administrator role.

  • Export groups and membership information from the environment to regenerate a snapshot that you specify; for example, example_snapshot.zip. It is assumed that you previously exported Groups and Membership artifacts using Migration to create this snapshot.

  • Download the snapshot (example_snapshot.zip) to a local directory.

  • Delete the snapshot (example_snapshot.zip) from the environment.

  • Sign out of the environment.

  • Perform operations for which you added custom code. Such operations may include:

    • Extracting the contents of example_snapshot.zip
    • Appending new user information to HSS-Shared Services\resource\External Directory\Users.csv in First Name,Last Name,Email,User Login format. For detailed information, see Importing a Batch of User Accounts in Getting Started with Oracle Cloud.
    • Appending information about role assignments of new users (in First Name,Last Name,Email,User Login format) to the appropriate role file(s) in HSS-Shared Services\resource\External Directory\Roles\. For example, assignments to the Service Administrator role should be appended to <service_name> Service Administrator.csv, while assignments to the Viewer role should be appended to HSS-Shared Services\resource\External Directory\Roles\<service_name> Viewer.csv. For detailed information, see Assigning One Role to Many Users in Getting Started with Oracle Cloud.
    • Recreating the snapshot with the updated files by zipping the HSS-Shared Services directory and its contents.
  • Sign in to the environment as a Service Administrator who also has the Identity Domain Administrator role.

  • Upload the modified example_snapshot.zip to the environment.

  • Import example_snapshot.zip into the environment.

  • Delete the uploaded example_snapshot.zip from the environment.

  • Sign out.

Windows Sample Script

Create a file named createUsersAndAssignRoles.ps1 by copying the following script. Store it in a local directory.
$inputproperties = ConvertFrom-StringData(Get-Content ./input.properties -raw)
$username="$($inputproperties.username)"
$passwordfile="$($inputproperties.passwordfile)"
$serviceURL="$($inputproperties.serviceURL)"
$snapshotName="$($inputproperties.snapshotName)"
$userspassword="$($inputproperties.userspassword)"
$resetPassword="$($inputproperties.resetPassword)"

epmautomate login ${username} ${passwordfile} ${serviceURL}
epmautomate exportsnapshot ${snapshotName}
epmautomate downloadfile ${snapshotName}.zip
epmautomate deletefile ${snapshotName}.zip
epmautomate logout

# Add custom code to extract the contents of example_snapshot.zip
# Add custom code to append new user information to HSS-Shared Services\resource\External Directory\Users.csv
# Optional: Add custom code to append role information to the appropriate role file(s) in HSS-Shared Services\resource\External Directory\Roles\
# Add custom code to zip HSS-Shared Services and its contents as example_snapshot.zip

epmautomate login ${username} ${passwordfile} ${serviceURL}
epmautomate uploadfile ${snapshotName}.zip
epmautomate importsnapshot ${snapshotName} userPassword=${userspassword} resetPassword=${resetPassword}
epmautomate deletefile ${snapshotName}.zip
epmautomate logout

Linux/UNIX Sample Script

Create a file named createUsersAndAssignRoles.sh by copying the following script. Store it in a local directory.
#!/bin/bash

. ./input.properties
export JAVA_HOME=${javahome}
${epmautomatescript} login "${username}" "${passwordfile}" "${serviceURL}"
${epmautomatescript} exportsnapshot "${snapshotName}"
${epmautomatescript} downloadfile "${snapshotName}.zip"
${epmautomatescript} deletefile "${snapshotName}.zip"
${epmautomatescript} logout

# Add custom code to extract the contents of example_snapshot.zip
# Add custom code to append new user information to HSS-Shared Services\resource\External Directory\Users.csv
# Optional: Add custom code to append role information to the appropriate role file(s) in HSS-Shared Services\resource\External Directory\Roles\
# Add custom code to zip HSS-Shared Services and its contents as example_snapshot.zip

${epmautomatescript} login "${username}" "${passwordfile}" "${serviceURL}"
${epmautomatescript} uploadfile "${snapshotName}.zip"
${epmautomatescript} importsnapshot "${snapshotName}" "userPassword=${userspassword}" "resetPassword=${resetPassword}"
${epmautomatescript} deletefile "${snapshotName}.zip"
${epmautomatescript} logout
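
One way to fill in the custom-code placeholders above, as an added example that is not part of Oracle's script: it appends a new user to Users.csv and, optionally, to one existing role file, after rejecting fields that would add a column or row, duplicate logins, and role names that are paths or have no existing file. The function names, the work directory and the sample values are assumptions; Users.csv and the role files are assumed to hold First Name,Last Name,Email,User Login rows.

```bash
#!/bin/bash
# Added example, not Oracle's code. Function names are hypothetical.
# Assumes Users.csv and the role files already exist in the extracted snapshot.
HSS_DIR="HSS-Shared Services/resource/External Directory"

# Reject empty fields and characters that would add a column or a row.
valid_field() {
  case "$1" in
    ""|*,*|*\"*|*[[:cntrl:]]*) return 1 ;;
  esac
}

# Append one row, first terminating the last line if it lacks a newline.
append_row() {
  if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then echo >> "$1"; fi
  printf '%s\n' "$2" >> "$1"
}

# add_user ROOT FIRST LAST EMAIL LOGIN [ROLE]   (ROLE = role file name without .csv)
add_user() {
  local root="$1" first="$2" last="$3" email="$4" login="$5" role="${6:-}"
  local users="$root/$HSS_DIR/Users.csv" rolefile="" f
  for f in "$first" "$last" "$email" "$login"; do
    valid_field "$f" || { echo "rejected field: '$f'" >&2; return 2; }
  done
  case "$email" in *[[:space:]]*) return 2 ;; ?*@?*.?*) ;; *) return 2 ;; esac
  [ -f "$users" ] || return 3
  if [ -n "$role" ]; then
    # Role must name an existing file directly under Roles/, never a path.
    case "$role" in */*|*\\*|*..*) return 2 ;; esac
    rolefile="$root/$HSS_DIR/Roles/$role.csv"
    [ -f "$rolefile" ] || return 5
  fi
  # Refuse a login that is already present (4th column, case-insensitive).
  if NEW_LOGIN="$login" awk -F, '{ sub(/\r$/, "") }
       tolower($4) == tolower(ENVIRON["NEW_LOGIN"]) { dup = 1 }
       END { exit !dup }' "$users"; then
    echo "login already exists: $login" >&2; return 4
  fi
  append_row "$users" "$first,$last,$email,$login"
  if [ -n "$rolefile" ]; then append_row "$rolefile" "$first,$last,$email,$login"; fi
}

# Use between the two EPM Automate sessions (assumes unzip and zip are installed):
#   unzip -q "${snapshotName}.zip" -d work && rm "${snapshotName}.zip"
#   add_user work Jane Doe jane.doe@example.com jdoe "<service_name> Viewer"
#   (cd work && zip -qr "../${snapshotName}.zip" "HSS-Shared Services")
```

Because every validation runs before the first write, a rejected request leaves both Users.csv and the role file unchanged.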

Sample input.properties File

To run the createUsersAndAssignRoles scripts, create the input.properties file and update it with information for your environment. Save the file in the directory where createUsersAndAssignRoles.ps1 or createUsersAndAssignRoles.sh is stored.

Windows

username=exampleAdmin
passwordfile=examplePassword.epw
serviceURL=exampleURL
snapshotName=SNAPSHOT_NAME
userspassword=TEMP_IDM_PASSWORD
resetPassword=true

Linux/UNIX

javahome=JAVA_HOME
epmautomatescript=EPM_AUTOMATE_LOCATION
username=exampleAdmin
passwordfile=examplePassword.epw
serviceURL=exampleURL
snapshotName=SNAPSHOT_NAME
userspassword=TEMP_IDM_PASSWORD
resetPassword=true

Table 3-2 input.properties Parameters

Parameter Description
javahome JAVA_HOME location. For Linux/UNIX only.
epmautomatescript Absolute path of EPM Automate executable (epmautomate.sh). For Linux/UNIX only.
username User name of a Service Administrator, who also has the Identity Domain Administrator role.
password Password of the Service Administrator or the name and location of the encrypted password file.
serviceURL URL of the environment from which you want to generate the snapshot.
snapshotName A name for the snapshot you want to generate. It is assumed that you previously exported Groups and Membership artifacts using Migration to create this snapshot.
userspassword The initial password for new users.
resetPassword Whether the new users must reset their password on first login. Set this value to true to force new users to change their password when they log in for the first time.

Running the Script

  1. Create createUsersAndAssignRoles.ps1 or createUsersAndAssignRoles.sh by copying the script from a preceding section.
  2. Add custom code to perform these operations:
    • Extract the contents of the snapshot
    • Append new user information to HSS-Shared Services\resource\External Directory\Users.csv.
    • Optionally, append information about role assignments of new users (in First Name,Last Name,Email,User Login format) to appropriate roles file(s) in HSS-Shared Services\resource\External Directory\Roles\.
    • Recreate the snapshot with the updated files.
  3. Create the input.properties file and save it in the directory where the createUsersAndAssignRoles script is located. The contents of this file differ depending on your operating system. See Sample input.properties File.

    Make sure that you have write privileges in this directory. For Windows, you may need to start PowerShell using the Run as Administrator option to be able to run the script.

  4. Launch the script.
    • Windows PowerShell: run createUsersAndAssignRoles.ps1.
    • Linux/UNIX: run ./createUsersAndAssignRoles.sh.