AutoSys Workload Automation

  • 1.  automation adding/removing user from security group

    Posted Apr 10, 2019 04:56 AM

    Hi All,

     

    We have to periodically add and remove users from the Security group as per our daily and weekly activity.

    It takes a lot of manual work to perform this task on daily and weekly basis and chances to missing some users while adding or removing them from group can cause issue.

    Is there a way to automate this process so that we don't have to perform this activity manually reducing the manual effort and reducing human error.

     

    Thanks for your help in advance.



  • 2.  Re: automation adding/removing user from security group

    Broadcom Employee
    Posted Apr 11, 2019 04:32 AM

    Hi,

    Are you removing users because they are no longer part of organization or because they have moved to another part of same org?

    If you use LDAP and have DE authenticate users against LDAP/AD then this becomes easier to manage users from your directory service.  You can create a container or group in your LDAP/AD and add the users that need to have access to DE in general.  This will take care of authentication, however, you will still have to manage the authorization (security group access) from DE Desktop Client.

     

    Thanks,

    Nitin Pande

    Broadcom



  • 3.  Re: automation adding/removing user from security group

    Posted Apr 15, 2019 03:21 PM

    Hi Nitin,

     

    We have to provide some users access on weekend though a security group and remove the same when the week starts, they are not leaving the team or the organization.

    Can this activity be automated with the help of WA application or even using power-shell so that we can reduce the manual activity.

    Thanks for your help in advance.

    Thanks,

     

    Shashank



  • 4.  Re: automation adding/removing user from security group

    Broadcom Employee
    Posted Apr 15, 2019 04:02 PM

    Hi,

    So, as mentioned, create a container in LDAP and have DE authenticate users in that container only.

    On DE side, you have to manually set user permissions.

     

    Thanks,

    Nitin Pande

    Broadcom



  • 5.  Re: automation adding/removing user from security group

    Posted Apr 15, 2019 05:19 PM

    If you are authenticating with LDAP you could set up secondary IDs for the users with greater access in DE.  You could easily schedule those ID's to be disabled in AD during the week and enabled for the weekend.  Of course then your users need to remember to log in with different ID's on the weekend.

     

    Alternatively...

     

    This is not a solution that would ever be officially recommended, but you could write a SQL script that operates directly against the database to make changes the security groups individuals belong to.  There could be any number of unforeseen issues that result, but the basic table structure doesn't look that complicated.

     

    This is not something I would personally try but then I don't have your need to modify security on a weekly basis, and I'm generally risk adverse.  If you end up spending a weekend restoring your environment from a backup, don't blame me.



  • 6.  Re: automation adding/removing user from security group

    Broadcom Employee
    Posted Apr 16, 2019 09:37 AM

    Hi,

    Please do not alter DB.  This is not supported and will result in DE shutdown and data corruption.

    You will have to manually set the security groups in client.

     

    Thank you,

    Nitin Pande

    Broadcom