Batch Loading User Accounts and Roles

< enportal | 5.6 | admin | system administration


An XML-based language is used to define valid roles, domains, and users. While most administration of roles, domains, and users occurs in the System Explorer (Under Advanced Tab and Explore System), an alternative method is to load this information from XML-encoded text files.
This section explains the XML specifications for account definition files.

Page Contents

1. File Locations


A default account definition file is shipped with the system and can be used as an example for customizing or adding roles, domains, or users. The account definition file, accounts.xml, is contained on the server in the directory: [INSTALL_HOME]/server/webapps/enportal/WEB-INF/xmlroot/server/content/system.

Be sure to save your own account definition XML files in the following location (other than the default location shown above):

[INSTALL_HOME]/server/webapps/enportal/WEB-INF/xmlroot/server/custom.


The account definition DTD can be found on the server at:

[INSTALL_HOME]/server/webapps/enportal/WEB-INF/xmlroot/server/dtds/AccountDefinitions.dtd


2. Account Definitions XML Specifications


It is recommended that you be familiar with the user management concepts (role, domain, and user) before reading this section.

The following is an example of an Account Definitions file.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE AccountDefinitions SYSTEM "../dtds/AccountDefinitions.dtd">
<AccountDefinitions>
<!-- Define Role staff -->
<Role name="helpdesk" />
<Role name="staff" parentRoleID="/helpdesk" />
<!-- Define Roles NOC, managers, and operators -->
<Role name="NOC" >
    <Role name="managers" />
    <Role name="operators" />
</Role>
<!-- Define Domain Accounting -->
<Domain name="Accounting" >
<!-- All users defined for this role will have access to the Data Entry and Bookkeeper roles -->
    <RoleLink roleID="/dataentry" />
    <RoleLink roleID="/bookkeeper" />
    <!-- Define Users of domain Accounting -->
    <User userID="john" password="apple" >
        <!-- This user also has access to the NOC Manager role -->
        <RoleLink roleID="/NOC/manager" />
    </User>
    <User userID="mary" password="orange" >
        <!-- This user also has access to the NOC Manager role -->
        <RoleLink roleID="/NOC/manager" />
    </User>
    <User userID="sue" password="grape" >
        <!-- This user also has access to the NOC Operator role -->
        <RoleLink roleID="/NOC/operator" />
    </User>
</Domain>
</AccountDefinitions>


The following sections explain each part in the Account Definitions file:

2.1. Account Definitions Tag


The <AccountDefinitions> tag is the root tag that identifies the enclosed tags as account definitions. The tag can contain any number of <Role>, <Domain>, and <User> tags. There are no attributes for this tag.


2.2. Role Tag


The <Role> tag is used to define a role in the system. The Account Definitions file can contain any number of <Role> tags, which allow the creation of a nested hierarchy of roles. This tag has two required attributes:

  • Name: used in the name of the specific role or subrole.
  • ParentRoleID: used to identify the parent role in the hierarchical rolespace.

The following example defines a role entitled 'staff' in the 'helpdesk' rolespace: <<Role name="staff" parentRoleID="/helpdesk" />

The following example defines a hierarchical rolespace with two roles 'managers' and 'operators' under the 'NOC' rolespace:

<Role name="NOC" >
<Role name="managers" />
<Role name="operators" />
</Role>

If the NOC rolespace existed previously, the roles 'managers' and 'operators' could be created with the following:

<Role name="managers" parentRoleID="/NOC" />
<Role name="operators" parentRoleID="/NOC" />


2.3. Domain, User, and Role Link Tags


The <Domain>, <User>, and <RoleLink> tags are used together to create domains and users, and to assign domains and users to existing roles.

<Domain> Tag
The <Domain> tag is used to define a domain in the system. This tag can contain any number of <RoleLink> and <User> tags. The <Domain> tag has one required attribute:

  • name: used in display labels of the domain.


<User> Tag
The <User> tag is used to define a user in the enclosing domain. The tag can contain any number of <RoleLink> tags. The <User> tag has two required attributes:

  • userID: a user account name that must be unique to the domain.
  • password: password for the account.


<RoleLink> Tag
The <RoleLink> tag is used to assign the enclosing domain and/or user to a role in the system:

  • When enclosed in a <Domain> tag, a <RoleLink> tag assigns the specified role to all users in the domain.
  • When enclosed in a <User> tag, a <RoleLink> tag assigns the specified role to only that user.

The tag has one required attribute:

  • roleID: reference to the role ID of a previously defined role, as described in the Role Tag subsection.


Example
The following example defines a domain named 'Accounting' with the roles 'dataentry' and 'bookkeeper' assigned to all users defined in the domain.

<Domain name="Accounting" >
    <RoleLink roleID="/dataentry" />
    <RoleLink roleID="/bookkeeper" />
    <User userID="john" password="apple" />
    <User userID="mary" password="orange" />
    <User userID="sue" password="grape" />
</Domain>

2.4. Loading into System

Once the account definitions file (for example, [INSTALL_HOME]/server/webapps/enportal/WEB-INF/xmlroot/server/custom/accounts.xml) is created, use the following step to load it to the system

  1. Use a text editor to create a custom load file (for example, load_account.txt) in [INSTALL_HOME]/server/webapps/enportal/WEB-INF/xmlroot/server/ directory.
  2. The content of load_account.txt has one line custom/accounts.xml in it.
  3. Log in to enPortal as administrator.
  4. Mouse over the Advanced tab and then "Utilities" and click XMLImport to load the account definitions file to the system.