Unsupported content

 

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

How to Export and Import RBAC Users and Roles

This topic was edited by a BMC Contributor and has not been approved.  More information.

Currently there is no built-in way for exporting RBAC Users and Roles from a BSA environment. If you have a separate BSA environment, and do not want to have to recreate an entire RBAC setup that you have created, you can follow the process described here.

Exporting Users and Roles

Use the following NSH script to export all roles and users from BS. (Note: This was tested on 8.0 SP5.) Once we perform the export, we will use another script to perform the import.

Feel free to modify this script as needed.

Input

The first parameter $1 is the Authentication Profile that you use to connect to the BladeLogic Application Server.

Script

blcred cred -acquire -profile "$1"
blcli_setoption authType BLSSO
blcli_setoption roleName RBACAdmins
blcli_setoption serviceProfileName "$1"
blcli_connect

ROLESDIR="/e/blexports/auth/roles"
USERSDIR="/e/blexports/auth/users"

if [ -d "$ROLESDIR" ]
then
   echo Directory  "$ROLESDIR" exists
else
   echo $ROLESDIR does not exist.
   echo Creating directory ${ROLESDIR}
   mkdir -p ${ROLESDIR}
fi

if [ -f "$ROLESDIR/ROLES" ]
then
   echo "$ROLESDIR/ROLES" exists
   rm "$ROLESDIR/ROLES"
else
   echo "$ROLESDIR/ROLES" does not exist.
fi
echo
echo Exporting Roles
echo
blcli_execute RBACRole listAllRoleNames
blcli_storeenv ROLES

for ROLE in $ROLES
do
  echo "${ROLE}" >> "${ROLESDIR}/ROLES"
done
echo
echo Finished exporting Roles
echo
if [ -d "$USERSDIR" ]
then
   echo Directory  "$USERSDIR" exists
else
   echo Creating directory $USERSDIR
   mkdir -p ${USERSDIR}
fi
echo
echo Exporting Users
echo
for r in `cat "${ROLESDIR}"/"ROLES"`
do
  echo Exporting members of "${r}"
  blcli_execute RBACUser getAllUserNamesByRole "${r}"
  blcli_storeenv AUTHS
  echo $AUTHS
  echo "${AUTHS}" > "${USERSDIR}/${r}"
done
echo
echo Finished exporting Users
echo
echo done.

Importing Users and Roles

After you perform the export, we'll need to then copy the output to the new environment. Within that new environment, we will use the following NSH script, which imports roles and users into BSA (again, this was tested on 8.0 SP5).

Feel free to modify as needed.

Script

blcred cred -acquire -profile "$1"
blcli_setoption authType BLSSO
blcli_setoption roleName RBACAdmins
blcli_setoption serviceProfileName "$1"
blcli_connect

ROLESDIR="/e/blexports/auth/roles"
USERSDIR="/e/blexports/auth/users"

if [ -d "$ROLESDIR" ]
then
   echo Directory  "$ROLESDIR" exists
else
   echo $ROLESDIR does not exist.
   exit 1
fi
if [ -f "$ROLESDIR/ROLES" ]
then
   echo "${ROLESDIR}/ROLES" exists
else
   echo "${ROLESDIR}/ROLES" does not exist.
   exit 1
fi
if [ -d "$USERSDIR" ]
then
   echo "$USERSDIR" exists
else
   echo "$USERSDIR" does not exist.
   exit 1
fi

echo
echo Importing Roles and Users....
echo
for AUTH in `cat "${ROLESDIR}"/"ROLES"`
do
    blcli_execute RBACRole isRoleExists "${AUTH}"
    blcli_storeenv roleExists
    if [ "$roleExists" = "false" ]
    then
        echo Adding "${AUTH}"
        blcli_execute RBACRole createRole "${AUTH}" "${AUTH}"
    else
        echo "${AUTH}" already exist
    fi
    echo Importing users for "${AUTH}"
    if [ -f "${USERSDIR}"/"${AUTH}" ]
    then
        echo "${USERSDIR}/${AUTH}" exists
        for user in `cat "${USERSDIR}/${AUTH}"`
        do
            blcli_execute RBACUser isUserExists "${user}"
            blcli_storeenv userExists
            if [ "$userExists" = "false" ]
            then
                  echo Adding "${user}"
                  blcli_execute RBACUser createUser "${user}" "bladelogic" "${user}" "true"
                  blcli_execute RBACUser addRole "${user}" "${AUTH}"
                  blcli_execute RBACUser setAdkAuthenticationEnabled "${user}" true
                  blcli_execute RBACUser setSrpAuthenticationEnabled "${user}" false
            else
                  echo "${user}" already exist
            fi
        done

    else
        echo "$USERSDIR/${AUTH}" does not exist.
        exit 1
    fi

done

echo
echo Finished Importing Users and Roles
echo
echo done.
Was this page helpful? Yes No Submitting... Thank you

Comments