Network Change & Configuration Management

Reply
Highlighted
Accepted Solution

Is there a way to list and manage Roles + Device Groups for users??

Authority
Posts: 34
6058     0

I see that I can get alist of what roles a user has, but so far I have not found a way to list the Device Group(s) associated with the role. Is that even possible? And what aboput adding, deleting, and updating Role+Device Group associations via the API? Would prefer Perl over WAPI. Using NetMRI 6.9.4.

Re: Is there a way to list and manage Roles + Device Groups for users??

Adviser
Posts: 357
6059     0
Roles are not directly related to device groups. Rather, a given user has specific roles for specific device groups. So, it is the user that connects roles and device groups.

John

Re: Is there a way to list and manage Roles + Device Groups for users??

[ Edited ]
Authority
Posts: 34
6059     0

Sorry if I was not clear, this is about automating user audits and managing users. The web interface does appear to provide any way to see the Role + Device Group associations beyond drilling down into each user, which is unacceptable for security and compliance auditing purposes (NetMRI is a layer 2 device for PCI DSS concerns here at EHI), and a real pain to e.g. add access to a new Device Group for over 100 users. Is is possible to do these with the API, and if so, are there any examples showing how to do it. The closest I have seen is a Perl script in the forums here that lists the roles, but so far I have not seen anything about the device groups associated with the roles.

Re: Is there a way to list and manage Roles + Device Groups for users??

Adviser
Posts: 357
6059     0
Is the auth_roles call on the auth_users controller what you are looking for?

https://netmri/api/3/auth_users/docs#auth_roles

John

Re: Is there a way to list and manage Roles + Device Groups for users??

[ Edited ]
Authority
Posts: 34
6059     0

That looks promising. Right above that is add_auth_role, which takes a lsit of Deivce Group IDs. Is there a way to get a lsit of the ID to name mapping for the Device Groups?

Re: Is there a way to list and manage Roles + Device Groups for users??

Adviser
Posts: 357
6059     0
That would come from the Device Groups API.

https://netmri/api/3/device_groups/docs

By the way, I just noticed "Would prefer Perl over WAPI”. In NetMRI, the Perl API is just a wrapper on top of the REST API (WAPI). So, anything you see in the online docs should have a Perl equivalent - we actually generate the Perl modules as part of the build process, based upon what is in that documentation. You should also see it using ”perldoc”.

John

Re: Is there a way to list and manage Roles + Device Groups for users??

Authority
Posts: 34
6059     0

I'm aware of that. I was hoping some additional fucntionality may have been added to the Perl API (like NetMRI_Easy.pm simplifies things) to make this easier. We can't be the only ones doing this and at least the user audit piece should be included out of the box.

Re: Is there a way to list and manage Roles + Device Groups for users??

Authority
Posts: 34
6059     0

Problem! I am doing an "@auth_users = $netmri->broker->auth_user->index( );" to get a list of all users. However, users with multiple roles do not appear to be included in that list!

 

I also tried a $netmri->broker->auth_user->search( user_name => qw[user_with_multiple roles] ) and get an empty array back. 

 

I verfied the user still exists and is enabled/active via the GUI.

 

Am I missing something? 

 

NetMRI 6.9.4 (in an OC environment).

 

Re: Is there a way to list and manage Roles + Device Groups for users??

Adviser
Posts: 357
6059     0
Hard to tell. Seems like it should work as you expect. Might help if you can attach the script.

Re: Is there a way to list and manage Roles + Device Groups for users??

Authority
Posts: 34
6059     0

Doh!! I was figuring out what I could paste in in when I realized I was hitting our lab instead of production! I've been doing all the recent development work in our production. I started this script several months ago but had to stop working on it for this project. So back then I was working in the lab for most dev, but now prod, and I never updated the script. It's one of those things that "looks right" so takes forever to catch.

Re: Is there a way to list and manage Roles + Device Groups for users??

Adviser
Posts: 357
6059     0
Smiley Happy

Re: Is there a way to list and manage Roles + Device Groups for users??

[ Edited ]
Authority
Posts: 34
6059     0

Has anyone run into a Device Group GroupID that does not exist in the list of device groups (not counting 0)? We have a handful of users with a device group that apparently no longer exists. If I drill down into one of these users in the GUI it's not listed there. My guess is these users have a reference to a device group that no longer exists. Just curious if anyone else has seen this. 

Re: Is there a way to list and manage Roles + Device Groups for users??

Authority
Posts: 34
6059     0

Thanks for all the help! WHen I get a chance I will try and clean the script up and post at least some of the simple auditing reports.

 

I was also able to add a new device group to a role for users that had said role, and fix a user that had no roles and did not appear in the GUI. 

 

Anyway, appreciate the help.I have my head wrapped around the API much better than before. Good stuff!!

Showing results for 
Search instead for 
Do you mean 

Recommended for You