|
Qorus Integration Engine
3.0.4.p7
|
|
Qorus Integration Engine
3.0.4.p7
|
user-tool [options]This program manipulates data in Qorus’ RBAC tables. Users, permissions, role, and access groups can be created, modified, and deleted and information about all RBAC data can be queried.
This program accesses the Qorus database directly, therefore for all options except –synchronize, it is not subject to Qorus RBAC control itself and does not require the Qorus server to be running. Unless the –synchronize option is used, only the database server must be available.
user-tool –s option to call the omq.system.reload-rbac() API method after effecting updates with user-tool.Note that arguments below should not contain any spaces unless they are quoted; for example:
If there are no spaces in an argument, then quotes are optional.
Be aware that this program is delivered as a Qore-language script, and, as such, requires either the $OMQ_DIR or $QORE_MODULE_DIR environment variables to be set to find the Qorus client module, if not located in the default location.
User Options Supported by user-tool
| Long Option | Short | Description |
–add-user | -A | Adds a new user; ARG=username,password,role,"description" |
–update-user | -d | Updates an existing user; ARG=user:key=value, valid keys are "pass", "name", and "roles" (note that "name" gives the user's descriptive name; currently usernames cannot be changed); roles can be relative, ex: +name,-name |
–add-user-role | -m | Adds one or more roles to an existing user, ARG=user:role[,role...] |
–del-user-role | -O | Removes one or more roles to an existing user, ARG=user:role[,role...] |
–user-info | -i | Displays user information; ARG=user |
–list-users | -l | Displays information about all users; two "l"s lists all roles associated with the users as well (i.e.: user-tool –ll) |
–users-with-role | -w | Display all users with the given role; ARG=role |
Permission Options Supported by user-tool
| Long Option | Short | Description |
–add-perm | -P | Adds a new user permission; ARG=name:"description" |
–update-perm | -E | Updates the description for an existing user permission; ARG=name:"description"; only user permissions may be updated |
–list-roles | -L | Lists all user and system permissions |
Role Options Supported by user-tool
| Long Option | Short | Description |
–add-role | -R | Adds a new role ARG=role:"description":permission[,...][:group,...] |
–update-role | -U | Updates an existing role; ARG=role:key=value, valid keys are "desc", "groups" for groups the role is a member of, "perms" for the list of permissions the role has; "groups" and "perms" can be relative; ex: +name,-name |
–add-role-perm | -F | Adds one or more permission to an existing role, ARG=role:permission[,permission...] |
–del-role-perm | -I | Removes one or more roles to an existing role, ARG=role:permission[,permission...] |
–role-info | -f | Displays information about the given role; ARG=role |
–list-roles | -r | Lists all available roles, two "r"s lists all permissions and groups associated with the roles as well (i.e.: user-tool -rr) |
–role-with-perm | -p | Display all roles with the given permission; ARG=permission |
–add-role-group=ARG | -G | adds one or more groups to a role; ARG=role:group[,group,...] |
–del-role-group=ARG | -o | removes one or more groups from a role; ARG=role:group[,group,...] |
Group Options Supported by user-tool
| Long Option | Short | Description |
–add-group=ARG | -g | adds a workflow/service group, arg format: name:key1=value1,key2=value2,... valid keys: "desc", "workflows", "services", and "enabled". "desc" is required, the "workflows" and "services" keys take comma-separated lists of strings as arguments; if "enabled" is not present, the default is true |
–update-group=ARG | -t | updates a worklfow/service group, arg format: name:key1=value1,key2=value2,... valid keys: "desc", "workflows", "services", "jobs", and "enabled". "desc" is required, the "workflows", "services", and "jobs" keys take comma-separated lists of strings as arguments and can be relative; ex: +name,-name |
–group-info=ARG | -n | show information on the given group |
–list-groups | -S | lists all groups (two S's gives more info) |
–add-group-wf=ARG | -b | adds a workflow to a workflow/service group; arg format: name=wfname:version,[wfname:version,...] |
–del-group-wf=ARG | -z | deletes a workflow from a workflow/service group; arg format: name=wfname:version,[wfname:version,...] |
–add-group-svc=ARG | -j | adds a service to a workflow/service group; arg format: name=svcname:version,[svcname:version,...] |
–del-group-svc=ARG | -x | deletes a service from a workflow/service group; arg format: name=svcname:version,[svcname:version,...] |
Deletion Options Supported by user-tool
| Long Option | Short | Description |
–delete | -X | Deletes an object from the RBAC database; ARG=object:name; valid objects are "user", "role", "perm", and "group".
|
–cascade-delete | -c | When deleting a permission or group associated to one or more roles, using this option will delete the reference from all roles as well as deleting the permission or group |
Other Options Supported by user-tool
| Long Option | Short | Description |
–rbac-provider | -B | Sets the name of the external RBAC provider to use (ex: "QorusLdapAuth") |
–datasource | -D | Override the "omq" datasource connection parameters; ex: -Domq=oracle:user/pass@dbname |
–migrate | -M | Migrate all users from $OMQ_DIR/etc/options file (should only be used by the install script) |
–url=ARG | -u | Sets the Qorus server URL in case the synchronize option is used; see UNIX Socket Support in URLs |
–proxy-url=ARG | -p | Set the proxy URL: "http://host:port"; at least host or port must be given; ex: "http://proxy1:8080"; see UNIX Socket Support in URLs |
–show-url | -W | Displays the default Qorus server URL |
–synchronize | -s | Synchronize RBAC database with Qorus server by calling system API method omq.system.reload-rbac()
|
–quiet | -q | Do not display any output unless there is an error |
–help | -h | Display this help text |