Authorization group configuration scripts
The scripting library provides multiple script procedures to automate your application server configurations. Use the scripts in this topic to create, configure, remove and query your security authorization group configuration. You can run each script individually or combine procedures to create custom automation scripts.
The AdminAuthorizations script procedures are located in the app_server_root/scriptLibraries/security/V70 directory.
addResourceToAuthorizationGroup
This script adds a resource to an existing authorization group in your configuration. You can create a fine-grained administrative authorization groups by selecting administrative resources to be part of the authorization group. You can assign users or groups to this new administrative authorization group and also give them access to the administrative resources contained within.
Argument | Description |
---|---|
authGroupName | Specifies the name of the authorization group of interest. |
resource | Specifies the name of the resource to add to the authorization group of interest. |
Syntax
AdminAuthorizations.addResourceToAuthorizationGroup(authGroupName, resource)
Example usage
AdminAuthorizations.addResourceToAuthorizationGroup("myAuthGroup", "Node=myNode:Server=myServer")
createAuthorizationGroup
This script creates a new authorization group in your configuration. Administrative authorization groups that specify users and groups that have certain authorities with the selected resources.
Argument | Description |
---|---|
authGroupName | Specifies the name of the authorization group to create. |
Syntax
AdminAuthorizations.createAuthorizationGroup(authGroupName)
Example usage
AdminAuthorizations.createAuthorizationGroup("myAuthGroup")
mapGroupsToAdminRole
This script maps group IDs to one or more administrative roles in the authorization group. The name of the authorization group that you provide determines the authorization table. The group ID can be a short name or fully qualified domain name in case Lightweight Directory Access Protocol (LDAP) user registry is used.
Argument | Description |
---|---|
authGroupName | Specifies the name of the authorization group of interest. |
adminRole | Specifies the name of the administrative role to which the system maps the user IDs. |
groupIDs | Specifies the group IDs to map to the role and authorization group. |
Syntax
AdminAuthorizations.mapGroupsToAdminRole(authGroupName, adminRole, groupIDs)
Example usage
AdminAuthorizations.mapGroupsToAdminRole("myAuthGroup", "administrator", "group01 group02 group03")
mapUsersToAdminRole
This script maps user IDs to one or more administrative roles in the authorization group. The name of the authorization group that you provide determines the authorization table. The user ID can be a short name or fully qualified domain name in case LDAP user registry is used.
Argument | Description |
---|---|
authGroupName | Specifies the name of the authorization group of interest. |
adminRole | Specifies the name of the administrative role to which the system maps the user IDs. |
userIDs | Specifies the user IDs to map to the role and authorization group. |
Syntax
AdminAuthorizations.mapUsersToAdminRole(authGroupName, adminRole, userIDs)
Example usage
AdminAuthorizations.mapUsersToAdminRole("myAuthGroup", "administrator", "user01 user02 user03")
deleteAuthorizationGroup
This script removes an authorization group from your security configuration.
Argument | Description |
---|---|
authGroupName | Specifies the name of the authorization group to delete. |
Syntax
AdminAuthorizations.deleteAuthorizationGroup(authGroupName)
Example usage
AdminAuthorizations.deleteAuthorizationGroup("myAuthGroup")
removeGroupFromAllAdminRoles
This script removes a specific group from an administrative role in each authorization group in your configuration.
Argument | Description |
---|---|
groupID | Specifies the group ID to remove from the administrative role in each authorization group in your configuration. |
Syntax
AdminAuthorizations.removeGroupFromAllAdminRoles(groupID)
Example usage
AdminAuthorizations.removeGroupFromAllAdminRoles("group01")
removeGroupsFromAdminRole
This script removes specific groups from an administrative role in the authorization group of interest.
Argument | Description |
---|---|
authGroupName | Specifies the name of the authorization group of interest. |
adminRole | Specifies the name of the administrative role from which to remove the user IDs. |
groupIDs | Specifies the group IDs to remove from the specific role in the authorization group. |
Syntax
AdminAuthorizations.removeUsersFromAdminRole(authGroupName, adminRole, groupIDs)
Example usage
AdminAuthorizations.removeUsersFromAdminRole("myAuthGroup", "administrator", "group01 group02 group03")
removeResourceFromAuthorizationGroup
This script removes a specific resource from the authorization group of interest.
Argument | Description |
---|---|
authGroupName | Specifies the name of the authorization group of interest. |
resource | Specifies the name of the resource to remove. |
Syntax
AdminAuthorizations.removeResourceFromAuthorizationGroup(authGroupName, resource)
Example usage
AdminAuthorizations.removeResourceFromAuthorizationGroup("myAuthGroup", "Node=myNode:Server=myServer")
removeUserFromAllAdminRoles
This script removes a specific user from an administrative role in each authorization group in your configuration.
Argument | Description |
---|---|
userID | Specifies the user ID to remove from the administrative role in each authorization group in your configuration. |
Syntax
AdminAuthorizations.removeUserFromAllAdminRoles(userID)
Example usage
AdminAuthorizations.removeUserFromAllAdminRoles("user01")
removeUsersFromAdminRole
This script removes specific users from an administrative role in the authorization group of interest.
Argument | Description |
---|---|
authGroupName | Specifies the name of the authorization group of interest. |
adminRole | Specifies the name of the administrative role from which to remove the user IDs. |
userIDs | Specifies the user IDs to remove from the specific role in the authorization group. |
Syntax
AdminAuthorizations.removeUsersFromAdminRole(authGroupName, adminRole, userIDs)
Example usage
AdminAuthorizations.removeUsersFromAdminRole("myAuthGroup", "administrator", "user01 user02 user03")
help
Argument | Description |
---|---|
script | Specifies the name of the script of interest. |
Syntax
AdminResources.help(script)
Example usage
AdminResources.help("listAuthorizationGroups")
listAuthorizationGroups
This script displays each authorization group in your security configuration. This script does not require arguments.
Syntax
AdminAuthorizations.listAuthorizationGroups()
Example usage
AdminAuthorizations.listAuthorizationGroups()
listAuthorizationGroupsForUserID
This script displays each authorization group to which a specific user ID has access.
Argument | Description |
---|---|
userID | Specifies the user ID for which to display authorization groups. |
Syntax
AdminAuthorizations.listAuthorizationGroupsForUserID(userID)
Example usage
AdminAuthorizations.listAuthorizationGroupsForUserID("user01")
listAuthorizationGroupsForGroupID
This script displays each authorization group to which a specific group ID has access.
Argument | Description |
---|---|
groupID | Specifies the group ID for which to display authorization groups. |
Syntax
AdminAuthorizations.listAuthorizationGroupsForGroupID(groupID)
Example usage
AdminAuthorizations.listAuthorizationGroupsForGroupID("group01")
listAuthorizationGroupsOfResource
This script displays each authorization group to which a specific resource is mapped.
Argument | Description |
---|---|
resource | Specifies the resource of interest. |
Syntax
AdminAuthorizations.listAuthorizationGroupsOfResource(resource)
Example usage
AdminAuthorizations.listAuthorizationGroupsOfResource("Node=myNode:Server=myServer")
listUserIDsOfAuthorizationGroup
This script displays the user IDs and access level that are associated with a specific authorization group.
Argument | Description |
---|---|
authGroupname | Specifies the name of the authorization group of interest. |
Syntax
AdminAuthorizations.listUserIDsOfAuthorizationGroup(authGroupName)
Example usage
AdminAuthorizations.listUserIDsOfAuthorizationGroup("myAuthGroup")
listGroupIDsOfAuthorizationGroup
This script displays the group IDs and access level that are associated with a specific authorization group.
Argument | Description |
---|---|
authGroupname | Specifies the name of the authorization group of interest. |
Syntax
AdminAuthorizations.listGroupIDsOfAuthorizationGroup(authGroupName)
Example usage
AdminAuthorizations.listGroupIDsOfAuthorizationGroup("myAuthGroup")
listResourcesOfAuthorizationGroup
This script displays the resources that are associated with a specific authorization group.
Argument | Description |
---|---|
authGroupname | Specifies the name of the authorization group of interest. |
Syntax
AdminAuthorizations.listResourcesOfAuthorizationGroup(authGroupName)
Example usage
AdminAuthorizations.listResourcesOfAuthorizationGroup("myAuthGroup")
listResourcesForUserID
This script displays the resources that a specific user ID can access.
Argument | Description |
---|---|
userID | Specifies the user ID of interest. |
Syntax
AdminAuthorizations.listResourcesForUserID(userID)
Example usage
AdminAuthorizations.listResourcesForUserID("user01")
listResourcesForGroupID
This script displays the resources that a specific group ID can access.
Argument | Description |
---|---|
groupID | Specifies the group ID of interest. |
Syntax
AdminAuthorizations.listResourcesForGroupID(groupID)
Example usage
AdminAuthorizations.listResourcesForGroupID("group01")