adm_set
Use the adm_set program to manage product administrator access from the command line.
For example, you can use this program to grant product administrator rights to existing users, to create new console-only users, or to re-enable locked-out product administrators.
Usage
adm_set.exe -user <profile ID> [-name "<full name>"] [-pass <password> [-noexpire] | -nopass] [-type A | -acl <rights list>] [-delete | -enable | -disable | -unlock] [-ipmask <IP/CIDRmask>] [-nooverwrite]
Argument | Description |
---|---|
-acl <rights list> | Grant the rights specified in the <rights list> to the user. The <rights list> consists of a sequence of keywords separated by spaces. See Administrative privileges for the list of available keywords. |
-delete | Remove the user’s product administrator rights. |
-disable | Disable the user. |
-enable | Enable the user. |
-unlock | Unlock the user. |
-ipmask <IP/CIDRmask> | Specify, in Classless Inter-Domain Routing (CIDR) notation, the IP addresses from which the user is allowed to connect to the Bravura Security Fabric API. Use this argument if the user has either of the IDAPI caller or OTP IDAPI caller rights. For more information about CIDR refer to the link below. |
-name "<full name>" | Set the full name of the product administrator. If the user is an existing user whose full name is stored in Bravura Security Fabric, you do not need to type a full name. |
-noexpire | Set the password to not expire. This argument applies only to product administrators whose passwords are stored in the Bravura Security Fabric database. |
-nooverwrite | Do not set an existing password. |
-pass <password> | Set the password of the product administrator. Use this argument if you want the user to authenticate using a password stored in Bravura Security Fabric. A password is only required if the user does not have any accounts; that is, you are creating a console-only user. |
-nopass | Prevent the user from authenticating remotely. |
-type A | Grant the user all possible administrative privileges. This overrides the -acl argument. |
-user <profile ID> | The product administrator’s profile ID. Type an existing user’s profile ID if you want to grant or modify his or her administrative privileges or profile status. Type the profile ID of a non-existent user if you want to create a new Bravura Security Fabric user, similar to the superuser, that only performs administrative tasks (console-only access). Users created this way are not mapped to accounts on target systems, and cannot access any of the self-service modules. |
ACL rights list
See list of administrative privileges and keywords for the ACL rights list.
CIDR notation
See more information on CIDR notation.
Examples
To re-create the default superuser user, type:
adm_set -user superuser -pass greatone -type A -name "IDM administrator"
To grant the Manage reports administrative privilege to an existing user, type:
adm_set -user SmithBob -acl runreport
To create a console-only user that can access the API Service (idapi), type:
adm_set -user APIUser1 -pass 5*Epxag1 -acl apicaller -ipmask 10.0.26.5/32
To unlock the default superuser after too many failed login attempts, type:
adm_set -user superuser -unlock
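A wrapper around the API-user example above, added here and not part of the product documentation: it checks the -ipmask value and generates the password instead of typing a fixed one. The function name, its parameters, the minimum-prefix policy, the host-bits check and the exit-code check are assumptions of this example.

```powershell
# Added example. New-ApiCallerUser and its parameters are hypothetical names.
function New-ApiCallerUser {
    param(
        [Parameter(Mandatory)] [string] $ProfileId,
        [Parameter(Mandatory)] [string] $IpMask,    # IPv4 CIDR, e.g. 10.0.26.5/32
        [string] $AdmSet = 'adm_set.exe',           # assumption: resolvable from PATH
        [int] $MinPrefix = 24                       # local policy: reject wider masks
    )

    # Validate the CIDR string before it is handed to adm_set.
    if ($IpMask -notmatch '^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})$') {
        throw "Not IPv4 CIDR notation: $IpMask"
    }
    $octets = 1..4 | ForEach-Object { [int]$Matches[$_] }
    $prefix = [int]$Matches[5]
    if (($octets | Where-Object { $_ -gt 255 }) -or ($prefix -gt 32)) {
        throw "Address or prefix out of range: $IpMask"
    }
    if ($prefix -lt $MinPrefix) {
        throw "/$prefix admits $([math]::Pow(2, 32 - $prefix)) addresses; policy minimum is /$MinPrefix"
    }
    # Strictness of this example: reject host bits below the prefix
    # (e.g. 10.0.26.5/24), which hide the range that is really being allowed.
    [int64]$addr = 0
    foreach ($o in $octets) { $addr = $addr * 256 + $o }
    $hostMask = [int64][math]::Pow(2, 32 - $prefix) - 1
    if ($addr -band $hostMask) { throw "Host bits set in $IpMask; use the network address" }

    # 24 characters from a 64-symbol alphabet (64 divides 256, so no modulo bias).
    # Assumption: this alphabet satisfies your password policy.
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._'
    $bytes = New-Object byte[] 24
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    $password = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })

    # Only arguments documented on this page are used.
    $admArgs = @('-user', $ProfileId, '-pass', $password,
                 '-acl', 'apicaller', '-ipmask', $IpMask)
    & $AdmSet @admArgs | Out-Host
    # Assumption: adm_set signals failure with a non-zero exit code.
    if ($LASTEXITCODE -ne 0) { throw "adm_set exited with code $LASTEXITCODE" }
    return $password    # hand straight to a secrets store; do not log it
}
```

Call it as `$secret = New-ApiCallerUser -ProfileId APIUser1 -IpMask 10.0.26.5/32`. The password is still passed to adm_set as a command-line argument, so it is visible in the process command line while the program runs.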