Documentation forAccess Rights Manager

DEEP DIVE: Pass parameters to a script via JSON or CSV

In the "Deep Dive" you learn how exactly parameters are transferred to a script via JSON or CSV file.

 

The following chapters describe:

  1. General: Include a template with a script call in Access Rights Manager. Described using the example "Disable a user via GrantMA".
  2. In detail: Pass the parameters to the script via JSON or CSV.

 

Disable a user via GrantMA

Background / Value

Ordering a new user on the GrantMA Self-Service Portal is natively supported by Access Rights Manager. Disabling a user after the order workflow has been completed becomes possible through the use of scripts. The combination GrantMA - Scripts - Access Rights Manager webAPI opens up a multitude of further possibilities to automate documented processes.

 

An example is the option described below of ordering the deactivation of a user:

  1. Define an open template and ask for required values in a request in GrantMA.
  2. After approval, the values are passed to a script.
  3. The script controls Access Rights Manager via the webAPI to perform the required action in Access Rights Manager.
  4. Access Rights Manager executes the action and logs it in the Access Rights Manager logbook.

 

Related features

Create a user account as an HR employee

 

 

Step-by-step process

Screenshots property of © 2020 Microsoft.

In the directory

%programdata%\Protected Networks\8MAN\data\templates

Access Rights Manager provides a sample template for disabling users.

Copy the sample file, remove the suffix ".example" and make adjustments as needed. For more information, see the "Customize ARM Templates" section.

The template will be loaded automatically. Errors while loading the template are displayed in the server health check.

 

Screenshots property of © 2020 Microsoft.

In the directory

OLD: %programdata%\Protected Networks\8MAN\scripts\analyze
NEW: %programdata%\SolarWinds\ARM\scripts\analyze

Access Rights Manager provides a sample script for disabling users.

 

On the start page of the Access Rights Manager configuration select "Scripts".

  1. Click on the tab "Order templates / Service actions".
  2. Choose "Template".
  3. Select the script, in this example here "DeactivateAccount.ps1".

 

Specify which parameters are passed to the script.

In the example here, the authentication token and the comment are passed.

 

In addition, the values queried in the template are passed to the script:

  • The name of the account to be deactivated
  • The date on which the account should be deactivated

 

Enter the name of the script. The name must match the call in the template.

 

In the Data Owner configuration you set the template to requestable.

  1. Use Drag & Drop to add the template to an organizational category.
  2. The template must be requestable (default) and modifiable.

 

Start the request in GrantMA.

 

The freely configurable template queries the values that will later be passed as parameters to the script. In the example here:

  • The account to be deactivated.
  • The date on which the account should be deactivated.

 

After completing and approving the order as usual, the script will be executed automatically.

 

In the task overview, you can see details about job execution. Successful job execution here means that the script started successfully.

 

For information about the script execution, see the Access Rights Manager Log.

To diagnose script execution errors, use the linked log file.

 

Pass parameters to a script via JSON or CSV

The transfer of parameters to the script can be done either directly or through a JSON or CSV file. The direct entry is described in the previous section "Disabling a user via GrantMA".

Using a JSON or CSV file is especially convenient if you want to pass many parameters to a script. In particular, the JSON format in Powershell can be used immediately as an object.

 

Here's a sample PowerShell script that simply outputs the parameters passed by JSON.

Location

%ProgramData%\Protected Networks\8MAN\scripts\analyze\jsonImport.ps1

 

Code

param(
[string]$json
)
# example for reading json formatted data addressed by $json over command line
# Read all data from json file into an object
Write-Host $json
(Get-Content  $json) -join "`n" | ConvertFrom-Json | Write-Host
# here you can alternatively assign and compute the object

 

Configuration of the script

  1. Enter the name of the script.
  2. Select "JSON object and additional parameters" dropdown.
  3. Optional: Specify additional parameters that will be passed to the script in addition to those contained in the JSON file.

 

Enter the name of the script. The name must match the call in the template.

 

In the command line preview, you will see the call of the JSON file.

The JSON file is temporarily stored here after filling in the template:

%ProgramData%\protected-networks.com\8MAN\tmp\script\

and gets a file name with timestamp, for example:

jsonImport_param_20180318130028263.json

 

The variable {jsonfile} can be used as the filename on the command line.

 

 

Supported field types / input options from the templates

Textfield

Returns the text content. If the field is empty, it will not be transported.

 

DropDown

Returns the value of the selection, not the display value.

 

Checkbox

Returns the text "True" if the box was selected, otherwise "False".

 

DatePicker

Returns the text of the selected time. The output format can be influenced by the parameter "ScriptParameterFormat".(.net definitions).

 

RadioButton

Returns the text of the selected radio button. The key is the Radio GroupId.

 

Example JSON-File

{
	"OnBoardingUser": "Horst Peter (arm-demo\\H.Peter)",
	"FirstName": "Horst",
	"LastName": "Peter",
	"LoginName": "H.Peter",
	"VPN2": "False",
	"VPN": "True",
	"WLAN": "True",
	"Teamwarp": "True",
	"Jira": "False",
	"HomeDir": "True",
	"When": "2018-03-28T22:00:00.0000000Z",
	"DropDownValue": "Value B",
	"UserComment": "LOL"
}