Versions Compared

...

Command                                               Category            Documentation
get-account / setstore-account                        Accounts
rename-account / remove-account
get-account-permission
set-account-password / reset-account-password
enable-account / disable-account
get-role / setstore-role                              Roles
rename-role / remove-role
get-permission / set-permission                       Permissions
rename-permission / remove-permission
get-folder / set-folder                               Folders
rename-folder / remove-folder
get-identity-service / setstore-identity-service      Identity Services
rename-identity-service / remove-identity-service

...

Usage: deploy-iam.sh [Command] [Options] [Switches]

  Commands:
    get-account             --service [--account] [--enabled] [--disabled]
    setstore-account             --service  --account [--role] [--account-password] [--disabled] [--force-password-change]
    rename-account          --service  --account
    remove-account          --service  --account
    get-account-permission  --service  --account
    set-account-password    --service  --account --account-password
    reset-account-password  --service  --account
    enable-account          --service  --account
    disable-account         --service  --account

    get-role                --service [--role]
    setstore-role                --service  --role
    rename-role             --service  --role --new-role
    remove-role             --service  --role

    get-permission          --service  --role [--controller-id]
    set-permission          --service  --role --permission [--excluded] [--controller-id]
    rename-permission       --service  --role --permission  --new-permission [--excluded] [--controller-id]
    remove-permission       --service  --role --permission [--controller-id]

    get-folder              --service  --role [--folder] [--controller-id]
    set-folder              --service  --role  --folder [--recursive] [--controller-id]
    rename-folder           --service  --role  --folder  --new-folder [--recursive] [--controller-id]
    remove-folder           --service  --role  --folder [--controller-id]

    get-identity-service   [--service]
    setstore-identity-service    --service --service-type [--service-ordering] [--required] [--disabled]
                           [--authentication-scheme] [--single-factor-certificate] [--single-factor-password]
    rename-identity-service --service --new-service
    remove-identity-service --service

  Options:
    --url=<url>                        | required: JOC Cockpit URL
    --user=<account>                   | required: JOC Cockpit user account
    --password=<password>              | optional: JOC Cockpit password
    --ca-cert=<path>                   | optional: path to CA Certificate used for JOC Cockpit login
    --client-cert=<path>               | optional: path to Client Certificate used for login
    --client-key=<path>                | optional: path to Client Key used for login
    --timeout=<seconds>                | optional: timeout for request, default: 60
    --controller-id=<id>               | optional: Controller ID
    --account=<identifier]>            | optional: account name
    --account-password=<password>      | optional: password for account
    --service=<identifier]>            | required: identity service name
    --service-type=<identifier>        | optional: identity service type, JOC, LDAP, LDAP-JOC, OIDC, OIDC-JOC
    --service-ordering=<number>        | optional: identity service ordering by ascending number
    --new-service=<identifier>         | optional: new identity service name
    --authentication-scheme=<factor>   | optional: identity service authentication scheme: SINGLE-FACTOR, TWO-FACTOR
    --role=<identifier[,identifier]>   | optional: list of role identifiers
    --new-role=<identifier>            | optional: new role identifier
    --permission=<identifier>          | optional: permission identifier
    --new-permission=<identifier>      | optional: new permission identifier
    --folder=<folder>                  | optional: folder name assigned a role
    --new-folder=<folder>              | optional: new folder name assigned a role
    --audit-message=<string>           | optional: audit log message
    --audit-time-spent=<number>        | optional: audit log time spent in minutes
    --audit-link=<url>                 | optional: audit log link
    --log-dir=<directory>              | optional: path to directory holding the script's log files

  Switches:
    -h | --help                        | displays usage
    -v | --verbose                     | displays verbose output, repeat to increase verbosity
    -p | --password                    | asks for password
    -a | --account-password            | asks for account password
    -f | --force-password-change       | enforces password change on next login
    -e | --enabled                     | filters for enabled accounts
    -d | --disabled                    | filters for disabled accounts or disables identity services
    -x | --excluded                    | sets excluded permissions
    -q | --required                    | enforces use of identity service
    -r | --recursive                   | applies folder operation to sub-folders
    --single-factor-certificate        | certificate allowed as single factor
    --single-factor-password           | password allowed as single factor
    --show-logs                        | shows log output if --log-dir is used
    --make-dirs                        | creates directories if they do not exist

see https://kb.sos-berlin.com/x/lwTWCQ
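Review bot: the changed command names on the account, role and identity-service lines (rendered merged here as setstore-account, setstore-role and setstore-identity-service) leave set-account-password, set-permission and set-folder with the set- verb, so the Commands block ends up with two different verbs for write operations. If that split is intended, say so next to the Commands list, and note for operators that automation calling the previous names for these three IAM commands has to be updated, since they create or modify accounts, roles and identity services.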

...