06-30-2016 01:56 PM
I see that I can get alist of what roles a user has, but so far I have not found a way to list the Device Group(s) associated with the role. Is that even possible? And what aboput adding, deleting, and updating Role+Device Group associations via the API? Would prefer Perl over WAPI. Using NetMRI 6.9.4.
Solved! Go to Solution.
06-30-2016 02:09 PM
06-30-2016 02:12 PM - edited 06-30-2016 02:16 PM
Sorry if I was not clear, this is about automating user audits and managing users. The web interface does appear to provide any way to see the Role + Device Group associations beyond drilling down into each user, which is unacceptable for security and compliance auditing purposes (NetMRI is a layer 2 device for PCI DSS concerns here at EHI), and a real pain to e.g. add access to a new Device Group for over 100 users. Is is possible to do these with the API, and if so, are there any examples showing how to do it. The closest I have seen is a Perl script in the forums here that lists the roles, but so far I have not seen anything about the device groups associated with the roles.
06-30-2016 02:20 PM
06-30-2016 02:28 PM - edited 06-30-2016 02:29 PM
That looks promising. Right above that is add_auth_role, which takes a lsit of Deivce Group IDs. Is there a way to get a lsit of the ID to name mapping for the Device Groups?
06-30-2016 02:40 PM
By the way, I just noticed "Would prefer Perl over WAPI”. In NetMRI, the Perl API is just a wrapper on top of the REST API (WAPI). So, anything you see in the online docs should have a Perl equivalent - we actually generate the Perl modules as part of the build process, based upon what is in that documentation. You should also see it using ”perldoc”.
06-30-2016 02:52 PM
I'm aware of that. I was hoping some additional fucntionality may have been added to the Perl API (like NetMRI_Easy.pm simplifies things) to make this easier. We can't be the only ones doing this and at least the user audit piece should be included out of the box.
07-01-2016 08:31 AM
Problem! I am doing an "@auth_users = $netmri->broker->auth_user->index( );" to get a list of all users. However, users with multiple roles do not appear to be included in that list!
I also tried a $netmri->broker->auth_user->search( user_name => qw[user_with_multiple roles] ) and get an empty array back.
I verfied the user still exists and is enabled/active via the GUI.
Am I missing something?
NetMRI 6.9.4 (in an OC environment).
07-01-2016 12:35 PM
07-01-2016 12:53 PM
Doh!! I was figuring out what I could paste in in when I realized I was hitting our lab instead of production! I've been doing all the recent development work in our production. I started this script several months ago but had to stop working on it for this project. So back then I was working in the lab for most dev, but now prod, and I never updated the script. It's one of those things that "looks right" so takes forever to catch.
07-05-2016 09:17 AM - edited 07-05-2016 09:18 AM
Has anyone run into a Device Group GroupID that does not exist in the list of device groups (not counting 0)? We have a handful of users with a device group that apparently no longer exists. If I drill down into one of these users in the GUI it's not listed there. My guess is these users have a reference to a device group that no longer exists. Just curious if anyone else has seen this.
07-25-2016 04:14 PM
Thanks for all the help! WHen I get a chance I will try and clean the script up and post at least some of the simple auditing reports.
I was also able to add a new device group to a role for users that had said role, and fix a user that had no roles and did not appear in the GUI.
Anyway, appreciate the help.I have my head wrapped around the API much better than before. Good stuff!!