Creating a CSV configuration file
You create a configuration file that maps the CSV column data to Bravura Security Fabric attributes. The configuration file must be in the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\ script\ directory. A sample script, agtcsv.cfgis contained in the <instance>\samples\ directory. Note that any sample script may need customizations to work with your system.
The configuration file is broken up into five sections:
By default the data will not be quoted. If quoting is required, set quote = true ; in each section to ensure that data is quoted.
By default the data will be separated by a comma. If data needs to delimited by a different character, for example a colon, set delimiter = ":" ; in each section. Any single character can be used as a delimiter including a tab character.
Column mappings
The column mappings consistent of the following elements:
id Identifier for the column. If the CSV file has a header then the ID should be the header for that column. If it does not then the ID should be the index (starting at 1) for the column.
type Tells the connector how to process this column. Each file type has its own set of applicable types, and they are described below. One type that is common to all files is CSVIgnore. This type tells the connector that it should not process this column. It will ignore this column for processing on read operations. For write operations it will preserver this column as is for existing records, and write an empty value for new records.
For example:
{type = CSVAcctID; id = userid};
or without headers
{type = CSVGrpMbrGroupID; id = 1}
Boolean attributes require an additional two elements for defining the column. these elements define which values represent true and false for the boolean attribute.
val_true - value in the CSV column that represents true in a boolean config.
val_false - value in the CSV column that represents false in a boolean config.
For example:
{type = CSVAcctStatus; id = is_enabled; val_true = TRUE; val_false = FALSE};
Accounts
This section of the agtcsv.cfg file defines the mappings for the account file.
Column Type | Description |
|---|---|
CSVAcctID | The column in the CSV file that represents the unique identifier for the account. This mapping is required. |
CSVAcctShortID | The column in the CSV file that represents the "short" identifier for the account. This field is typically used for auto-association to user profiles when the LongID does not match. (e.g. CN=Some User,OU=Place vs some.user). This mapping is optional, and if not specified the CSVAcctID value will be used. |
CSVUserName | The column in the CSV file that represents the full (e.g. first + last) name for the account owner. This mapping is optional. |
CSVPassword | The column in the CSV file that represents the password for the account. This mapping is optional. |
CSVExpPW | The column in the CSV file that represents the password expiry status. This is a boolean attribute. This mapping is optional. |
CSVAcctStatus | The column in the CSV file that represents the enabled/disabled status of the account (boolean). This mapping is optional. |
CSVAcctLock | The column in the CSV File that represents the locked (e.g. intruder lockout) status of the account (boolean). This mapping is optional. |
CSVExpAcct | The column in the CSV file that represents the expiry status of the account (boolean). This mapping is optional. |
CSVAttribute | The columns in the CSV file that represent attributes of the account. Currently only single-valued attributes are supported. This mapping is optional. |
CSVIgnore | Columns in the CSV file that we should have the connector ignore. This mapping is optional. |
Groups
This section of the agtcsv.cfg file defines the mappings for the group file.
Column Type | Description |
|---|---|
CSVGroupID | Column in the CSV file that represents the group unique identifier. This mapping is required. |
CSVGroupShortID | The column in the CSV file that represents the "short" identifier for the group. This value can be leveraged in the UI to present a more user friendly group name. (e.g. CN=Some Group,OU=Place vs Some Group). This mapping is optional, and if not specified the CSVGroupID value will be used. |
CSVGroupDesc | Column in the CSV file that represents the group description. This mapping is optional. |
CSVIgnore | Columns in the CSV file that we should have the connector ignore. This mapping is optional. |
Groups Membership
This section of the agtcsv.cfg file defines the mappings for the group membership file.
Column Type | Description |
|---|---|
CSVGrpMbrGroupID | Column in the CSV file that represents the group unique identifier (value must match CSVGroupID in group CSV file). This mapping is required. |
CSVGrpMbrUserID | Column in the CSV file that represents the unique account identifier (value must match CSVAcctID in the account CSV file). This mapping is required. |
CSVGrpMbrIsManager | Column in the CSV file that represents if this member of the group is also a manager or owner for that group. This mapping is optional. |
CSVIgnore | Columns in the CSV file that we should have the connector ignore. This mapping is optional. |
Servers
This section of the agtcsv.cfg file defines the mappings for the server file.
Column Type | Description |
|---|---|
CSVServerID | Column in the CSV file that represents the unique identifier for this server. |
CSVServerName | Column in the CSV file that represents the name of the server. This is normally the human understandable name when the unique identifier is an internal id reference (e.g. GUID). If this is not specified, then the CSVServerID will be used instead. |
CSVServerStatus | Column in the CSV file that represents if the computer object is enabled or not. This is a pseudo attribute that can be leveraged in import rules to determine if this computer should be managed. This mapping is optional. |
CSVServerDeleted | Column in the CSV file that represents if the computer object has been flagged for deletion. This is a pseudo attribute that can be leveraged to move computers into a historical/archival policy. This mapping is optional. |
CSVAttribute | The columns in the CSV file that represent attributes of the computer. Currently only single-valued attributes are supported.This mapping is optional. |
CSVIgnore | Columns in the CSV file that we should have the connector ignore. |