Manage Internal Users

Overview

The manage_internal_users program is provided to aid in provisioning access for OAuth-based users on the N2ACD platform.

Supports:

Running manage_internal_users.pl --help will show the program usage.

Manage N2ACD internal users.

    Database connection:
    --db-host           = N2ACD database host name or IP address.               Default = $DEFAULT_DB_HOST.
    --db-port           = N2ACD database port.                                  Default = $DEFAULT_DB_PORT.
    --db-name           = N2ACD database name.                                  Default = $DEFAULT_DB_NAME.
    --db-connect        = N2ACD database connection string. Alternative to
                            --db-host / --db-port / --db-name providing full
                            control over the DBI connection string. This may
                            be useful if [for example] connecting to a
                            service defined in ~/.pg_service.conf.
    --db-user           = N2ACD database user name.                             Default = $DEFAULT_DB_USER.
    --db-password       = N2ACD database user password. If not directly specified, credentials specified in ~/.pgpass will be used.

    Current users can be listed with:
    --list-users

    For all other user manipulation functions, one of the follow must be provided:
    --external-id       = The GUID string that maps to the external user that will be authorised.
    --external-upn      = The string that maps to the external user principal that will be authorised.

    User manipulation functions:
    --create              = Create a new user record mapped to the provided external ID or UPN.
    --remove              = Remove the user record mapped to the provided external ID or UPN.
    --enable              = Enable the user record mapped to the provided external ID or UPN.
    --disable             = Disable the user record mapped to the provided external ID or UPN.
    --restricted-access   = Restrict user customer access to the customer list for the user mapped to the provided external ID or UPN.
    --unrestricted-access = Unrestrict user customer access to the customer list for the user mapped to the provided external ID or UPN.
    --add-customer        = The name of an N2ACD customer. Create a new association between the specified customer and the user with the provided external ID or UPN.
    --remove-customer     = The name of an N2ACD customer. Remove any association between the specified customer and the user with the provided external ID or UPN.
    --show-customers      = Show all customers associated with the user with the provided external ID or UPN.
    --list-users          = Show all user records.

Common Options

The following common options may be specified when executing manage_internal_users.

| Option | Type | Default | Description |
|---|---|---|---|
| --db-host | String | localhost | IP address or FQDN of the PostgreSQL database instance to connect to. |
| --db-port | Number | 5432 | Port number of the PostgreSQL database instance to connect to. |
| --db-name | String | n2in_owner | Name of the PostgreSQL database that contains the N2ACD schema. |
| --db-connect | PSQL DB Connection String | | Alternative option to using --db-host, --db-port and --db-name. Specified as a PostgreSQL connection string. See PostgreSQL Connection Strings for more information. |
| --db-user | String | n2acd_owner | The username of the user to connect to the PostgreSQL database instance with. |
| --db-password | String | | The password for the user specified with --db-user to connect to the PostgreSQL database instance with. |
| --external-id | UID String | Required [1] | The UID of the external OAuth user to create a mapping for. In Azure this is the User Object ID and is formatted as 8e24dfc7-8ac4-4f06-b308-89f906c7a9b3. |
| --external-upn | String | Required [1] | The UPN of the external OAuth user to create a mapping for. In Azure this is the User Principal Name and is formatted as user@tenant.onmicrosoft.com. |
| --create | Switch | | If provided, a user mapped to the provided UID or UPN will be created within the N2ACD database. |
| --remove | Switch | | If provided, the user mapped to the provided UID or UPN will be removed from the N2ACD database. |
| --add-customer | String | | The name of an N2ACD customer. Access to this customer will be granted to the user mapped to the provided UID or UPN within the N2ACD database. |
| --remove-customer | String | | The name of an N2ACD customer. Access to this customer will be revoked from the user mapped to the provided UID or UPN within the N2ACD database. |
| --show-customers | Switch | | If provided, the customers currently associated with the user mapped to the provided UID or UPN within the N2ACD database will be listed. |
| --enable | Switch | | If provided, the user mapped to the provided UID or UPN will be enabled. |
| --disable | Switch | | If provided, the user mapped to the provided UID or UPN will be disabled. |
| --restricted-access | Switch | | If provided, the user mapped to the provided UID or UPN will use the restricted access list of customers associated with it. |
| --unrestricted-access | Switch | | If provided, the user mapped to the provided UID or UPN will be granted access to all customers. |
| --list-users | Switch | | If provided, all users currently configured on the platform will be listed. |

[1] Either the UID or UPN is required. Only one may be specified.
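
The --db-password help text above says that credentials in ~/.pgpass are used when the option is omitted; a password given as an argument is recorded in shell history and is visible in the process list while the script runs. The check below is an added example, not part of the N2ACD tooling: pgpass_ready is a hypothetical helper name, and the connection values in its usage comment are the ones shown in this page's example output.

```shell
#!/bin/sh
# Added example (not N2ACD code): confirm ~/.pgpass can supply the password
# so --db-password never has to appear on the command line.
# pgpass_ready is a hypothetical helper name.

# pgpass_ready FILE HOST PORT DBNAME USER -> returns 0 when usable
pgpass_ready() {
    file=$1 host=$2 port=$3 db=$4 user=$5

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    # The PostgreSQL client library ignores the file when group or other
    # have any access, so require an octal mode ending in 00 (e.g. 600).
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        *00) ;;
        *) echo "$file has mode $mode; run: chmod 600 $file" >&2; return 1 ;;
    esac

    # Entry format: hostname:port:database:username:password
    # Any of the first four fields may be '*'. Backslash-escaped colons
    # are not handled by this simplified matcher.
    awk -F: -v h="$host" -v p="$port" -v d="$db" -v u="$user" '
        /^#/ || NF < 5 { next }
        ($1 == h || $1 == "*") && ($2 == p || $2 == "*") &&
        ($3 == d || $3 == "*") && ($4 == u || $4 == "*") { found = 1; exit }
        END { exit (found ? 0 : 1) }
    ' "$file" || { echo "no matching entry in $file" >&2; return 1; }
}

# Usage with the connection values from this page's example output:
#   pgpass_ready "$HOME/.pgpass" localhost 5432 n2in n2acd_owner \
#       && ./manage_internal_users.pl --list-users
```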

Example Usages

Create External OAuth User Mapping

./manage_internal_users.pl --create --external-upn 'user@tenant.onmicrosoft.com' --db-password <db_password>

---------------------------------------------------------------------------
DB host                     = 'localhost'
DB port                     = '5432'
DB name                     = 'n2in'
DB user                     = n2acd_owner
DB password                 = [specified]
External ID                 = [not specified]
External Principal          = 'user@tenant.onmicrosoft.com'
Creating External User?     = Yes
Removing External User?     = No
Enabling External User?     = No
Disabling External User?    = No
Restricting External User?  = No
Unrestrictin External User? = No
Customer to Add             = [not specified]
Customer to Remove          = [not specified]
Showing Customers?          = No
Listing Users?              = No
---------------------------------------------------------------------------

NOTICE: Created External User ID 'N/A' User Principal 'user@tenant.onmicrosoft.com' with User ID '8'

Associate Test Customer with New OAuth User Mapping

./manage_internal_users.pl --external-id '8e24dfc7-8ac4-4f06-b308-89f906c7a9b2' --add-customer "Test" --db-password <db_password>

---------------------------------------------------------------------------
DB host                     = 'localhost'
DB port                     = '5432'
DB name                     = 'n2in'
DB user                     = n2acd_owner
DB password                 = [specified]
External ID                 = '8e24dfc7-8ac4-4f06-b308-89f906c7a9b2'
External Principal          = [not specified]
Creating External User?     = Yes
Removing External User?     = No
Enabling External User?     = No
Disabling External User?    = No
Restricting External User?  = No
Unrestrictin External User? = No
Customer to Add             = 'test'
Customer to Remove          = [not specified]
Showing Customers?          = No
Listing Users?              = No
---------------------------------------------------------------------------

NOTICE: Created External User ID '8e24dfc7-8ac4-4f06-b308-89f906c7a9b2' User Principal 'N/A' with User ID '10'
NOTICE: Created User Customer Mapping for User ID '10' to Customer 'test' with User Customer ID '39516'

Show Customers for OAuth User

./manage_internal_users.pl --show-customers --external-id '8e24dfc7-8ac4-4f06-b308-89f906c7a9b2' --db-password <db_password>

---------------------------------------------------------------------------
DB host                     = 'localhost'
DB port                     = '5432'
DB name                     = 'n2in'
DB user                     = n2acd_owner
DB password                 = [specified]
External ID                 = '8e24dfc7-8ac4-4f06-b308-89f906c7a9b2'
External Principal          = [not specified]
Creating External User?     = No
Removing External User?     = No
Enabling External User?     = No
Disabling External User?    = No
Restricting External User?  = No
Unrestrictin External User? = No
Customer to Add             = [not specified]
Customer to Remove          = [not specified]
Showing Customers?          = Yes
Listing Users?              = No
---------------------------------------------------------------------------

NOTICE: Found existing Internal User ID '10' for External ID '8e24dfc7-8ac4-4f06-b308-89f906c7a9b2' External UPN 'N/A'
NOTICE: Configured Customers for External ID '8e24dfc7-8ac4-4f06-b308-89f906c7a9b2' External Principal 'N/A':
Customer ID     | External ID                                        | Customer Name
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
9865            | test                                               | test


Show all Users

./manage_internal_users.pl --list-users --db-password <db_password>

---------------------------------------------------------------------------
DB host                     = 'localhost'
DB port                     = '5432'
DB name                     = 'n2in'
DB user                     = n2acd_owner
DB password                 = [specified]
External ID                 = [not specified]
External Principal          = [not specified]
Creating External User?     = No
Removing External User?     = No
Enabling External User?     = No
Disabling External User?    = No
Restricting External User?  = No
Unrestrictin External User? = No
Customer to Add             = [not specified]
Customer to Remove          = [not specified]
Showing Customers?          = No
Listing Users?              = Yes
---------------------------------------------------------------------------

NOTICE: Configured Users:
User ID         | External User Reference                            | External User Principal                            | Enabled/Disabled | Restricted/Unrestricted
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1               | 8e24dfc7-8ac4-4f06-b308-89f906c7a9b2               | -                                                  | Enabled          | Restricted
2               | 6696ae8f-7791-41e0-b265-b119de4565f1               | test                                               | Enabled          | Restricted
3               | -                                                  | user@tenant.onmicrosoft.com                        | Enabled          | Restricted
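
Because --unrestricted-access grants a user access to all customers, the --list-users table is the natural input for a periodic access review. The filter below is an added example, not part of the N2ACD tooling: unapproved_unrestricted and sample_listing are hypothetical names, the sample rows are constructed, and the "Unrestricted" and "Disabled" cell values are assumed from the column headers.

```shell
#!/bin/sh
# Added example (not N2ACD code): list Enabled + Unrestricted users from
# --list-users output that are not on an approved list.
# Assumption: cells read "Unrestricted" / "Disabled", per the column headers.

# unapproved_unrestricted "ID,ID,..." < listing
# Prints: user-id <TAB> external-reference <TAB> external-principal
unapproved_unrestricted() {
    awk -F'|' -v approved="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        BEGIN {
            n = split(approved, a, ",")
            for (i = 1; i <= n; i++) ok[trim(a[i])] = 1
        }
        # Data rows have five fields and a numeric User ID; this skips the
        # settings banner, NOTICE lines, the header and the dashed rule.
        NF == 5 && trim($1) ~ /^[0-9]+$/ {
            id = trim($1)
            if (trim($4) == "Enabled" && trim($5) == "Unrestricted" && !(id in ok))
                printf "%s\t%s\t%s\n", id, trim($2), trim($3)
        }
    '
}

# Constructed sample in the layout shown above (IDs and names are made up).
sample_listing() {
    cat <<'EOF'
NOTICE: Configured Users:
User ID | External User Reference | External User Principal | Enabled/Disabled | Restricted/Unrestricted
--------------------------------------------------------------------------
1 | 00000000-0000-4000-8000-000000000001 | - | Enabled | Restricted
2 | 00000000-0000-4000-8000-000000000002 | - | Enabled | Unrestricted
3 | - | admin@example.invalid | Enabled | Unrestricted
4 | - | former@example.invalid | Disabled | Unrestricted
EOF
}

# Usage: ./manage_internal_users.pl --list-users | unapproved_unrestricted "2"
```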

Disable a User's Access

./manage_internal_users.pl --external-id '8e24dfc7-8ac4-4f06-b308-89f906c7a9b2' --disable --db-password <db_password>

---------------------------------------------------------------------------
DB host                     = 'localhost'
DB port                     = '5432'
DB name                     = 'n2in'
DB user                     = n2acd_owner
DB password                 = [specified]
External ID                 = '8e24dfc7-8ac4-4f06-b308-89f906c7a9b2'
External Principal          = [not specified]
Creating External User?     = No
Removing External User?     = No
Enabling External User?     = No
Disabling External User?    = Yes
Restricting External User?  = No
Unrestrictin External User? = No
Customer to Add             = [not specified]
Customer to Remove          = [not specified]
Showing Customers?          = No
Listing Users?              = No
---------------------------------------------------------------------------

NOTICE: Found existing Internal User ID '10' for External ID '8e24dfc7-8ac4-4f06-b308-89f906c7a9b2' External UPN 'N/A'
NOTICE: Updated User enabled state to 'Disabled' for for External ID '8e24dfc7-8ac4-4f06-b308-89f906c7a9b2' External Principal 'N/A'