Authorization group configuration scripts
The scripting library provides multiple script procedures to automate the application server configurations. Use the scripts in this topic to create, configure, remove and query the security authorization group configuration. We can run each script individually or combine procedures to create custom automation scripts.
The AdminAuthorizations script procedures are located in the app_server_root/scriptLibraries/security/V70 directory.
Use the following script procedures to configure authorization groups:
Use the following script procedures to remove users and groups from the security authorization settings:
- deleteAuthorizationGroup
- removeGroupFromAllAdminRoles
- removeGroupsFromAdminRole
- removeResourceFromAuthorizationGroup
- removeUserFromAllAdminRoles
- removeUsersFromAdminRole
Use the following script procedures to query the security authorization group configuration:
- help
- listAuthorizationGroups
- listAuthorizationGroupsForUserID
- listAuthorizationGroupsForGroupID
- listAuthorizationGroupsOfResource
- listUserIDsOfAuthorizationGroup
- listGroupIDsOfAuthorizationGroup
- listResourcesOfAuthorizationGroup
- listResourcesForUserID
addResourceToAuthorizationGroup
This script adds a resource to an existing authorization group in our configuration. We can create a fine-grained administrative authorization groups by selecting administrative resources to be part of the authorization group. We can assign users or groups to this new administrative authorization group and also give them access to the administrative resources contained within.
argument descriptions. Run the script with the authorization group name and resource name to add a resource to an authorization
Argument Description authGroupName Name of the authorization group of interest. resource Name of the resource to add to the authorization group of interest. Syntax
AdminAuthorizations.addResourceToAuthorizationGroup(authGroupName, resource)
Example usage
AdminAuthorizations.addResourceToAuthorizationGroup("myAuthGroup", "Node=myNode:Server=myServer")
createAuthorizationGroup
This script creates a new authorization group in the configuration. Administrative authorization groups that specify users and groups that have certain authorities with the selected resources.
Argument Description authGroupName Name of the authorization group to create. Syntax
AdminAuthorizations.createAuthorizationGroup(authGroupName)
Example usage
AdminAuthorizations.createAuthorizationGroup("myAuthGroup")
mapGroupsToAdminRole
This script maps group IDs to one or more administrative roles in the authorization group. The name of the authorization group that you provide determines the authorization table. The group ID can be a short name or fully qualified domain name in case LDAP user registry is used.
argument descriptions. Run the script with the authorization
Argument Description authGroupName Name of the authorization group of interest. adminRole Name of the administrative role to which the system maps the user IDs. groupIDs Specifies the group IDs to map to the role and authorization group. Syntax
AdminAuthorizations.mapGroupsToAdminRole(authGroupName, adminRole, groupIDs)
Example usage
AdminAuthorizations.mapGroupsToAdminRole("myAuthGroup", "administrator", "group01 group02 group03")
mapUsersToAdminRole
This script maps user IDs to one or more administrative roles in the authorization group. The name of the authorization group that you provide determines the authorization table. The user ID can be a short name or fully qualified domain name in case LDAP user registry is used.
Argument Description authGroupName Name of the authorization group of interest. adminRole Name of the administrative role to which the system maps the user IDs. userIDs User IDs to map to the role and authorization group. Syntax
AdminAuthorizations.mapUsersToAdminRole(authGroupName, adminRole, userIDs)
Example usage
AdminAuthorizations.mapUsersToAdminRole("myAuthGroup", "administrator", "user01 user02 user03")
deleteAuthorizationGroup
This script removes an authorization group from the security configuration.
Argument Description authGroupName Name of the authorization group to delete. Syntax
AdminAuthorizations.deleteAuthorizationGroup(authGroupName)
Example usage
AdminAuthorizations.deleteAuthorizationGroup("myAuthGroup")
removeGroupFromAllAdminRoles
This script removes a specific group from an administrative role in each authorization group in the configuration.
Argument Description groupID Specifies the group ID to remove from the administrative role in each authorization group in the configuration. Syntax
AdminAuthorizations.removeGroupFromAllAdminRoles(groupID)
Example usage
AdminAuthorizations.removeGroupFromAllAdminRoles("group01")
removeGroupsFromAdminRole
This script removes specific groups from an administrative role in the authorization group of interest.
the script with the authorization group name, administrative role,
Argument Description authGroupName Name of the authorization group of interest. adminRole Name of the administrative role from which to remove the user IDs. groupIDs Specifies the group IDs to remove from the specific role in the authorization group. Syntax
AdminAuthorizations.removeUsersFromAdminRole(authGroupName, adminRole, groupIDs)
Example usage
AdminAuthorizations.removeUsersFromAdminRole("myAuthGroup", "administrator", "group01 group02 group03")
removeResourceFromAuthorizationGroup
This script removes a specific resource from the authorization group of interest.
argument descriptions. Run the script with the authorization
Argument Description authGroupName Name of the authorization group of interest. resource Name of the resource to remove. Syntax
AdminAuthorizations.removeResourceFromAuthorizationGroup(authGroupName, resource)
Example usage
AdminAuthorizations.removeResourceFromAuthorizationGroup("myAuthGroup", "Node=myNode:Server=myServer")
removeUserFromAllAdminRoles
This script removes a specific user from an administrative role in each authorization group in the configuration.
Argument Description userID User ID to remove from the administrative role in each authorization group in the configuration. Syntax
AdminAuthorizations.removeUserFromAllAdminRoles(userID)
Example usage
AdminAuthorizations.removeUserFromAllAdminRoles("user01")
removeUsersFromAdminRole
This script removes specific users from an administrative role in the authorization group of interest.
argument descriptions. Run the script to remove users
Argument Description authGroupName Name of the authorization group of interest. adminRole Name of the administrative role from which to remove the user IDs. userIDs User IDs to remove from the specific role in the authorization group. Syntax
AdminAuthorizations.removeUsersFromAdminRole(authGroupName, adminRole, userIDs)
Example usage
AdminAuthorizations.removeUsersFromAdminRole("myAuthGroup", "administrator", "user01 user02 user03")
help
the help script to display the script procedures that the AdminClusterManagement
Argument Description script Name of the script of interest. Syntax
AdminResources.help(script)
Example usage
AdminResources.help("listAuthorizationGroups")
listAuthorizationGroups
This script displays each authorization group in the security configuration. This script does not require arguments.
Syntax
AdminAuthorizations.listAuthorizationGroups()
Example usage
AdminAuthorizations.listAuthorizationGroups()
listAuthorizationGroupsForUserID
This script displays each authorization group to which a specific user ID has access.
argument description. Run the script with the user ID
Argument Description userID User ID for which to display authorization groups. Syntax
AdminAuthorizations.listAuthorizationGroupsForUserID(userID)
Example usage
AdminAuthorizations.listAuthorizationGroupsForUserID("user01")
listAuthorizationGroupsForGroupID
This script displays each authorization group to which a specific group ID has access.
argument description. Run the script with the group ID
Argument Description groupID Specifies the group ID for which to display authorization groups. Syntax
AdminAuthorizations.listAuthorizationGroupsForGroupID(groupID)
Example usage
AdminAuthorizations.listAuthorizationGroupsForGroupID("group01")
listAuthorizationGroupsOfResource
This script displays each authorization group to which a specific resource is mapped.
argument description. Run the script with the resource
Argument Description resource Resource of interest. Syntax
AdminAuthorizations.listAuthorizationGroupsOfResource(resource)
Example usage
AdminAuthorizations.listAuthorizationGroupsOfResource("Node=myNode:Server=myServer")
listUserIDsOfAuthorizationGroup
This script displays the user IDs and access level associated with a specific authorization group.
Argument Description authGroupname Name of the authorization group of interest. Syntax
AdminAuthorizations.listUserIDsOfAuthorizationGroup(authGroupName)
Example usage
AdminAuthorizations.listUserIDsOfAuthorizationGroup("myAuthGroup")
listGroupIDsOfAuthorizationGroup
This script displays the group IDs and access level associated with a specific authorization group.
Argument Description authGroupname Name of the authorization group of interest. Syntax
AdminAuthorizations.listGroupIDsOfAuthorizationGroup(authGroupName)
Example usage
AdminAuthorizations.listGroupIDsOfAuthorizationGroup("myAuthGroup")
listResourcesOfAuthorizationGroup
This script displays the resources associated with a specific authorization group.
argument description. Run the script with the authorization
Argument Description authGroupname Name of the authorization group of interest. Syntax
AdminAuthorizations.listResourcesOfAuthorizationGroup(authGroupName)
Example usage
AdminAuthorizations.listResourcesOfAuthorizationGroup("myAuthGroup")
listResourcesForUserID
This script displays the resources that a specific user ID can access.
Argument Description userID User ID of interest. Syntax
AdminAuthorizations.listResourcesForUserID(userID)
Example usage
AdminAuthorizations.listResourcesForUserID("user01")
listResourcesForGroupID
This script displays the resources that a specific group ID can access.
Argument Description groupID Specifies the group ID of interest. Syntax
AdminAuthorizations.listResourcesForGroupID(groupID)
Example usage
AdminAuthorizations.listResourcesForGroupID("group01")
Related concepts
Fine-grained administrative security
Related tasks
Use the script library to automate the application serving environment Create a fine-grained administrative authorization group using the administrative console Edit a fine-grained administrative authorization group using the administrative console