New post
Question
· Jun 28, 2017

Configuring users and roles on many caché instances

#System Administration #Caché

Hi everyone!

We have many severs (DEV, QA and LIVE) besides many other slave servers (about 133) that are running Caché instances. Before writing this utility myself, I would like to know if anyone has done it before. We need to change the SuperUser password and do other credential setups like this on all of these servers and we don't want to do it one by one.

I wonder If anyone has written such a utility...

Kind regards,

AS

Discussion (4)0
Log in or sign up to continue
Jeffrey Drumm · Jun 28, 2017

If LDAP/AD isn't an option, you should look at the class documentation for Security.Users and Security.Roles in the %SYS namespace. They both have import and export methods that should get  you well on  your way.

You can limit the user export to specific roles, allowing you to synchronize non-administrative users without impacting the administrative ones. Assuming you've created a role named %Users that contains only those accounts that need to be updated across all servers:

%SYS > Set sc = ##class(Security.Users).Export("C:\InterSystems\UserExport.xml",.outcnt,"*","%Users")

This would create the file C:\InterSystems\UserExport.xml, containing the users in role %Users, with a count of the number exported in the variable outcnt. The variable sc is of type %Status and should be 1 if everything went ok.

Those users can then be imported on other hosts using the corresponding import method:

%SYS > Set sc = ##class(Security.Users).Import("C:\PathToImport\UserExport.xml",.incnt)

The number of users imported will be found in variable incnt. Again, sc should be 1 if the method completed successfully.

2 0