sassoftware / pyviyatools

Python command-line tools that call the SAS Viya REST APIs - for SAS administrators.
Apache License 2.0

Using applyfolderauthorization.py with Authenticated Users #159

Closed tomstarr closed 1 year ago

tomstarr commented 1 year ago

Hi Gerry, I'm trying to apply some folder rules against the Principal "Authenticated Users", unfortunately however, this doesn't seem to be supported by applyfolderauthorization.py currently.

It appears that when you wish to apply authorization to that Principal (or 'Everyone' or 'Guest') you must prefix it with a special flag, https://go.documentation.sas.com/doc/en/sasadmincdc/v_039/calauthzgen/p1ed0i3sx9clbnn1vm5zzb7qbmt5.htm#p034829n88hhs6n13wxezabng340

I'm not really sure where that flag should appear in the json file that the python script outputs, and I'm wondering whether you could take a look?

Cheers!

gerrynelson63 commented 1 year ago

@tomstarr I will take a look.

gerrynelson63 commented 1 year ago

@tomstarr it looks to me like it should be a blank principal but set the principal type for those special identities. For example:

Authenticated Users

"principal": "", "principalType": "authenticatedUsers"

Everyone

"principal": "", "principalType": "everyone"

tomstarr commented 1 year ago

GENIUS! Worked a treat! My test csv had to look like:

"/ABC","authenticatedUsers","","grant","read","read"
"/ABC","group","persona_platformadm_all","grant","read","read,update,delete,add,remove"

Really appreciate the guidance Gerry. Cheers!

tomstarr commented 1 year ago

Hi again Gerry,

I've now stumbled upon a wee bit of a new issue with this script and how it interacts with sas-viya authorization plug-in. The issue occurs when the conveyed permissions field is left intentionally blank/empty.

e.g.

"/KWC/Reports/DWVA","group","oag_ro_dwva","grant","read",""
"/KWC/Reports","authenticatedUsers","","grant","read","read"

When the csv above is fed into applyfolderauthorization.py the Viya CLI will only create 1x rule, rather than 3x, from the json file that applyfolderauthorization.py created. Basically, the Viya CLI just stops when it encounters a rule with no permissions specified.

Would it be possible to modify applyfolderauthorization.py to drop entries from being written to the bulk_rules_list.json file if the conveyedpermissions row is blank perhaps?

Thanks,

Tom

tomstarr commented 1 year ago

Looked at this with fresh eyes today and found a simple fix for this.

In applyfolderauthorization.py I added an if condition and changed these lines from:

constructed_bulk_rules_list.append(constructed_rule_dict_object)
constructed_bulk_rules_list.append(constructed_rule_dict_container)

to:

constructed_bulk_rules_list.append(constructed_rule_dict_object)
if len(conveyedpermissions) > 0:
    constructed_bulk_rules_list.append(constructed_rule_dict_container)

(the if condition is obvs supposed to be tabbed, but I don't know what the markdown for tabs/spaces is)

Could you add this change into your next commit please?

tomstarr commented 1 year ago

The above code update has been implemented into pull request #160
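
The two behaviours discussed in this thread (a blank principal for the special principal types, and omitting a rule whose permission list is empty) can be checked on a CSV before anything is handed to the CLI. The sketch below is an added example, not code from pyviyatools or from the commenters; the function name `build_rules` and the output keys `target`, `folder` and `setting` are hypothetical, and only `principal` and `principalType` are taken from the thread.

```python
import csv
import io

# principalType values that take a blank principal, per the thread above.
SPECIAL_TYPES = {"authenticatedUsers", "everyone"}

# Constructed sample: the two CSV rows quoted in the thread.
SAMPLE = '''"/KWC/Reports/DWVA","group","oag_ro_dwva","grant","read",""
"/KWC/Reports","authenticatedUsers","","grant","read","read"
'''


def build_rules(csv_text):
    """Turn CSV rows into rule dicts; return (rules, warnings).

    Columns: folder, principalType, principal, setting,
    permissions, conveyed permissions.
    """
    rules, warnings = [], []
    for lineno, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        if not row:
            continue  # blank line
        if len(row) != 6:
            warnings.append(f"line {lineno}: expected 6 columns, got {len(row)}")
            continue
        folder, ptype, principal, setting, perms, conveyed = (c.strip() for c in row)
        if ptype in SPECIAL_TYPES:
            if principal:
                warnings.append(f"line {lineno}: principal ignored for {ptype}")
            principal = ""  # special identities carry a blank principal
        elif not principal:
            warnings.append(f"line {lineno}: {ptype} row has no principal, skipped")
            continue
        # One rule for the folder itself, one conveyed to its contents.
        for target, value in (("object", perms), ("container", conveyed)):
            permissions = [p.strip() for p in value.split(",") if p.strip()]
            if not permissions:
                # An empty permission list is what halted the CLI in the thread.
                warnings.append(f"line {lineno}: no {target} permissions, rule omitted")
                continue
            rules.append({
                "target": target,    # hypothetical key
                "folder": folder,    # hypothetical key (path, not a resolved URI)
                "principalType": ptype,
                "principal": principal,
                "setting": setting,  # hypothetical key
                "permissions": permissions,
            })
    return rules, warnings
```

Reviewing the returned warnings before applying the rules shows which rows were dropped or normalised, so a shorter-than-expected rule set is noticed up front rather than after the CLI run.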