cancel
Showing results for 
Search instead for 
Did you mean: 

Removing/Adding Privilege using file

Murali_Shanmu
Active Contributor
0 Kudos

Hi,

I have a CSV file which has username, technical role, operation. The operation column can either be or . I am trying to add/remove technical roles for bunch of users specifying the operation. I am not clear as to how the operation can be made dynamic.

Below are the steps which I have in mind.

(1) Create a pass that reads the source .csv file (From ASCII File)

In Source Tab -> Point to repository which has been created for the .csv file

In Destination Tab -> Point to a new temporary Table name and have the fields same as .csv file

(2) Create a pass that writes data to IdS (To Identity Store)

In Source -> For SQL Statement , select all records from new table which has been loaded in the previous step.

In Destination -> Entry Type will be MX_PERSON and under the table Attributes/Values we will have to put

MX_REF_MX_PRIVILEGE  as one of the attributes and for the value it can either be {A} %privilegeName% or {D} %privilegeName%. "privilegeName" is the column in the temporary table which holds the privilege names. The choice of having a {A} or {D} will be dictated based on the column "operator".  Is there a way to get around this ?

I believe things need to be designed as below. But I want someone to share their experience on this.

Cheers,

Murali

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi Murali

You can just do it in the SQL.

SELECT * FROM csvTempTable WHERE operator = '-' -> MXREF_MX_ROLE {D}<rolename>

SELECT * FROM csvTempTable WHERE operator = '+' -> MXREF_MX_ROLE {A}<rolename>

You have to jobs in this case - addRoles and removeRoles but it's much cleaner and easier then using a script.

Peter

Murali_Shanmu
Active Contributor
0 Kudos

Agree, This is even easier. Thanks. But can you confirm if my logic will also work ?

Former Member
0 Kudos

It would work, but you're overcomplicating it

You can have $FUNCTION.operator(operator)$$<privilegeName>

Then you're script merely takes the operator and returns {A} or {D}.

IF Par == "+"

   {   value = "{A} "; }

Else

    {  value= "{D} "; }

return value;

The outcome is {A}<privilegeName> or {D}<privilegeName>

Murali_Shanmu
Active Contributor
0 Kudos

Excellent. You are a champion.

Cheers,

Murali

Answers (1)

Answers (1)

Murali_Shanmu
Active Contributor
0 Kudos

Thinking loud - may be I can use Scripts. I have never used them before and bit clueless.

Scripts can be called using $function.<name>(<parameter>)$$

However, the parameter can be only one. Hence if I were to send multiple parameter, I would need to concatenate them like $function.formPrivilege(%operator%&%privilege%)$$

Below would be the code snippet for the Script


Function formPrivilege(phrase)

// Here we obtain the first character to see if the operation is + or -

// use and IF statement and then accordingly construct a variable with either {A} or {D} concatenated with Privilege name

var myOperator = phrase.substring(0,1)

var myPrivilege = phrase.substring(1)

IF myOperator == "+"

   {   formPrivilege = "{A} " & myPrivilege }

Else

    {  formPrivilege = "{D} " & myPrivilege }

End Function

Can someone confirm if this is the best way to do it ?

Cheers,

Murali