CSV file
Connector name |
|
Connector type | Executable |
Type (UI field value) | CSV File Connector |
Connector status / support | Bravura Security-Verified: This connector has been tested and is fully supported by Bravura Security. |
Installation / setup | You create a configuration file that maps the CSV column data to Bravura Security Fabric attributes. The configuration file must be placed in the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\script\ directory. A sample script, |
The following Bravura Security Fabric operations are supported by this connector (depending on your product license and version):
user change password
expire password
check password expiry
administrator reset password
unexpire password
unlock account
user verify password
create account
delete account
disable account
enable account
expire account
create group
delete group
add user to group
delete user from group
check account enabled
check account expiry
check account lock
lock account
unexpire account
update attributes
List:
accounts
attributes
groups
members
computer objects
Note
This connector supports the password operations, but using this system to manage passwords is not recommended because the password field in the CSV file is not encrypted.
For a full list and explanation of each connector operation, see connector operations.
Alternate methods for targeting CSV files
Bravura Security Fabric provides two methods for targeting CSV files: the CSV connector (agtcsv) and the ODBC connector (agtodbcscript). Determining which method to use depends on:
The flexibility of the CSV format. Can it be modified or not?
The need to write back out to the CSV files. Are the CSV files read-only, or do they also need to be updated by Bravura Security Fabric?
Do columns within the CSV need to be combined to create unique or meaningful data for Bravura Security Fabric? For example, are two columns required to make a unique key?
Do the CSV files exist on a remote share or are they local to the Bravura Security Fabric server?
Is object data and attributes spread across multiple CSV files or is it self-contained in a single CSV file?
Choose the CSV connector (agtcsv) if:
You have a requirement to write data back out to the CSV files from Bravura Security Fabric.
Your CSV files exist on a remote server and a persistent drive mapping cannot be established.
Your CSV file format is flexible and columns can be added in order to satisfy the requirements of the CSV connector’s configuration.
Choose the ODBC connector (agtodbcscript) if:
You do not require the ability to write data back out to the CSV files (read only).
Your CSV files exist locally on the Bravura Security Fabric servers, or can be accessed remotely via a persistent drive mapping.
Your CSV file format is unchangeable, and the connector must be able to join, merge, and manipulate columns of the CSV file to extract the appropriate data.
Attribute and object data is spread across multiple CSV files.
Continue reading this chapter to learn about using the CSV connector. To learn how to target CSV files using the ODBC connector, see ODBC script.
Preparation
Before you can target CSV files with the CSV connector, you must:
Create CSV files containing account, group, group memberships or computer information.
The files can be created from Microsoft Excel spreadsheets or from an export from another system.
Create a CSV configuration file.
Set up a target system administrator if the CSV files exist on a UNC share (optional).
Create at least one template account.
Setting up a target system administrator
Bravura Security Fabric does not require a designated account to perform Bravura Security Fabric operations using the CSV connector. The account specified is only used when the CSV files are located on a UNC share. Create an account that has Read, Write and Modify permissions on the UNC share if one does not already exist. For local files, administrator credentials are not required and can be left blank.
Creating a template account
Bravura Security Fabric uses template accounts as models or "blueprints" for creating new accounts in the CSV files. Add a line in the CSV file for the template account.
Creating a CSV configuration file
You create a configuration file that maps the CSV column data to Bravura Security Fabric attributes. The configuration file must be in the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\script\ directory. A sample script, agtcsv.cfg, is contained in the <instance>\samples\ directory. Note that any sample script may need customizations to work with your system.
The configuration file is broken up into five sections:
By default, the data is not quoted. If quoting is required, set quote = true; in each section to ensure that data is quoted.
By default, the data is separated by a comma. If data needs to be delimited by a different character, for example a colon, set delimiter = ":"; in each section. Any single character can be used as a delimiter, including a tab character.
Column mappings
The column mappings consist of the following elements:
id - Identifier for the column. If the CSV file has a header, the ID should be the header for that column. If it does not, the ID should be the index (starting at 1) of the column.
type - Tells the connector how to process this column. Each file type has its own set of applicable types, which are described below. One type that is common to all files is CSVIgnore. This type tells the connector not to process the column. On read operations the column is ignored. On write operations the connector preserves the column as is for existing records and writes an empty value for new records.
For example:
{type = CSVAcctID; id = userid};
or without headers
{type = CSVGrpMbrGroupID; id = 1}
Boolean attributes require two additional elements in the column definition. These elements define which values represent true and false for the boolean attribute.
val_true - value in the CSV column that represents true in a boolean config.
val_false - value in the CSV column that represents false in a boolean config.
For example:
{type = CSVAcctStatus; id = is_enabled; val_true = TRUE; val_false = FALSE};
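The mapping rules above applied to a small file, as an added example (not Bravura Security's code and not the connector's parser). It reads entries in the {type = ...; id = ...} shape shown on this page, resolves id by header or by 1-based index, converts boolean columns through val_true/val_false, and warns when CSVPassword is mapped. The function names and sample data are constructed for illustration.

```python
import csv
import io
import re

# Constructed samples: mapping entries in the page's shape, and an account CSV (last row: bad boolean).
SAMPLE_MAPPINGS = """
{type = CSVAcctID; id = userid};
{type = CSVPassword; id = pw};
{type = CSVAcctStatus; id = is_enabled; val_true = TRUE; val_false = FALSE};
{type = CSVAttribute; id = dept};
{type = CSVIgnore; id = notes};
"""
SAMPLE_CSV = ("userid,pw,is_enabled,dept,notes\n"
              "jdoe,Winter2024,TRUE,IT,x\n"
              "bsmith,hunter2,FALSE,HR,y\n"
              "qlee,abc123,maybe,IT,z\n")

def parse_mappings(text):
    """Turn each {key = value; ...} entry into a dict (hypothetical helper)."""
    entries = []
    for body in re.findall(r"\{([^}]*)\}", text):
        pairs = (p.split("=", 1) for p in body.split(";") if "=" in p)
        entries.append({k.strip(): v.strip() for k, v in pairs})
    return entries

def read_accounts(csv_text, mappings, has_headers=True, delimiter=","):
    """Apply the mappings to CSV text; returns (records, warnings)."""
    rows = list(csv.reader(io.StringIO(csv_text), delimiter=delimiter))
    header, data = (rows[0], rows[1:]) if has_headers else (None, rows)
    records, warnings = [], []
    if any(m["type"] == "CSVPassword" for m in mappings):
        warnings.append("CSVPassword is mapped: this column holds unencrypted passwords")
    for lineno, row in enumerate(data, start=2 if has_headers else 1):
        rec = {}
        for m in mappings:
            if m["type"] == "CSVIgnore":
                continue  # ignored on read operations
            # id is the header text, or a 1-based column index without headers
            col = header.index(m["id"]) if has_headers else int(m["id"]) - 1
            value = row[col]
            if "val_true" in m:  # boolean column: only the two declared values are valid
                known = {m["val_true"]: True, m["val_false"]: False}
                if value not in known:
                    warnings.append(f"line {lineno}: {m['id']}={value!r} matches neither value")
                value = known.get(value)
            key = m["id"] if m["type"] == "CSVAttribute" else m["type"]
            rec[key] = value
        records.append(rec)
    return records, warnings
```

Running read_accounts(SAMPLE_CSV, parse_mappings(SAMPLE_MAPPINGS)) on the constructed data yields two warnings: the password mapping, and the row whose is_enabled value is neither TRUE nor FALSE.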
Accounts
This section of the agtcsv.cfg file defines the mappings for the account file.
Column Type | Description |
|---|---|
CSVAcctID | The column in the CSV file that represents the unique identifier for the account. This mapping is required. |
CSVAcctShortID | The column in the CSV file that represents the "short" identifier for the account. This field is typically used for auto-association to user profiles when the LongID does not match. (e.g. CN=Some User,OU=Place vs some.user). This mapping is optional, and if not specified the CSVAcctID value will be used. |
CSVUserName | The column in the CSV file that represents the full (e.g. first + last) name for the account owner. This mapping is optional. |
CSVPassword | The column in the CSV file that represents the password for the account. This mapping is optional. |
CSVExpPW | The column in the CSV file that represents the password expiry status. This is a boolean attribute. This mapping is optional. |
CSVAcctStatus | The column in the CSV file that represents the enabled/disabled status of the account (boolean). This mapping is optional. |
CSVAcctLock | The column in the CSV File that represents the locked (e.g. intruder lockout) status of the account (boolean). This mapping is optional. |
CSVExpAcct | The column in the CSV file that represents the expiry status of the account (boolean). This mapping is optional. |
CSVAttribute | The columns in the CSV file that represent attributes of the account. Currently only single-valued attributes are supported. This mapping is optional. |
CSVIgnore | Columns in the CSV file that we should have the connector ignore. This mapping is optional. |
Groups
This section of the agtcsv.cfg file defines the mappings for the group file.
Column Type | Description |
|---|---|
CSVGroupID | Column in the CSV file that represents the group unique identifier. This mapping is required. |
CSVGroupShortID | The column in the CSV file that represents the "short" identifier for the group. This value can be leveraged in the UI to present a more user friendly group name. (e.g. CN=Some Group,OU=Place vs Some Group). This mapping is optional, and if not specified the CSVGroupID value will be used. |
CSVGroupDesc | Column in the CSV file that represents the group description. This mapping is optional. |
CSVIgnore | Columns in the CSV file that we should have the connector ignore. This mapping is optional. |
Groups Membership
This section of the agtcsv.cfg file defines the mappings for the group membership file.
Column Type | Description |
|---|---|
CSVGrpMbrGroupID | Column in the CSV file that represents the group unique identifier (value must match CSVGroupID in group CSV file). This mapping is required. |
CSVGrpMbrUserID | Column in the CSV file that represents the unique account identifier (value must match CSVAcctID in the account CSV file). This mapping is required. |
CSVGrpMbrIsManager | Column in the CSV file that represents if this member of the group is also a manager or owner for that group. This mapping is optional. |
CSVIgnore | Columns in the CSV file that we should have the connector ignore. This mapping is optional. |
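The matching requirement in the table above can be checked before the files are targeted. The following added example (not part of the product or its documentation) reports membership rows that reference an unknown CSVAcctID or CSVGroupID, repeated membership rows, and repeated account identifiers. The file contents and column names are constructed, and exact string comparison is an assumption.

```python
import csv
import io
from collections import Counter

# Constructed sample files; the column names are assumptions for this example.
ACCOUNTS = "userid,fullname\njdoe,Jane Doe\nbsmith,Bob Smith\n"
GROUPS = "groupid,description\nadmins,Administrators\nhelpdesk,Help desk\n"
MEMBERS = ("groupid,userid,is_manager\n"
           "admins,jdoe,TRUE\n"
           "helpdesk,bsmith,FALSE\n"
           "helpdesk,bsmith,FALSE\n"   # duplicate membership row
           "admins,olduser,FALSE\n"    # no such account in ACCOUNTS
           "finance,jdoe,FALSE\n")     # no such group in GROUPS

def column(csv_text, name):
    """Return every value of one named column from CSV text with a header row."""
    return [row[name] for row in csv.DictReader(io.StringIO(csv_text))]

def check_memberships(accounts, groups, members, acct_col="userid", grp_col="groupid"):
    """Cross-check the membership file against the account and group files."""
    acct_list = column(accounts, acct_col)
    acct_ids, grp_ids = set(acct_list), set(column(groups, grp_col))
    pairs = [(r[grp_col], r[acct_col])
             for r in csv.DictReader(io.StringIO(members))]
    return {
        # memberships whose account identifier is absent from the account file
        "unknown_accounts": sorted({p for p in pairs if p[1] not in acct_ids}),
        # memberships whose group identifier is absent from the group file
        "unknown_groups": sorted({p for p in pairs if p[0] not in grp_ids}),
        # identical (group, account) rows appearing more than once
        "duplicates": sorted(p for p, n in Counter(pairs).items() if n > 1),
        # account identifiers that are not unique in the account file
        "duplicate_account_ids": sorted(a for a, n in Counter(acct_list).items() if n > 1),
    }
```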
Servers
This section of the agtcsv.cfg file defines the mappings for the server file.
Column Type | Description |
|---|---|
CSVServerID | Column in the CSV file that represents the unique identifier for this server. |
CSVServerName | Column in the CSV file that represents the name of the server. This is normally the human understandable name when the unique identifier is an internal id reference (e.g. GUID). If this is not specified, then the CSVServerID will be used instead. |
CSVServerStatus | Column in the CSV file that represents if the computer object is enabled or not. This is a pseudo attribute that can be leveraged in import rules to determine if this computer should be managed. This mapping is optional. |
CSVServerDeleted | Column in the CSV file that represents if the computer object has been flagged for deletion. This is a pseudo attribute that can be leveraged to move computers into a historical/archival policy. This mapping is optional. |
CSVAttribute | The columns in the CSV file that represent attributes of the computer. Currently only single-valued attributes are supported. This mapping is optional. |
CSVIgnore | Columns in the CSV file that we should have the connector ignore. |
Targeting CSV files with the CSV File Connector
For each CSV file system, add a target system in Bravura Security Fabric (Manage the System > Resources > Target systems).
Type is CSV File Connector.
Address uses syntax described in the table below.
The full list of target system parameters is explained in Target System Options.
Note
Support for "Exclude duplicate objects when listing" was implemented in Connector Pack 4.4.0.
Option | Description |
|---|---|
Options marked with a | |
Path to CSV files (UNC or Local) | Location of the CSV files. This can either be a local file system path or a UNC path. (key: csvpath) |
Configuration file for Column Mappings | Name of the file describing the layout of the CSV files. The file must be placed in the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\script\ directory. (key: cfgfile) |
Are the CSV files on a remote server? | Default is false. (key: remote) |
Exclude duplicate objects when listing | Skip over duplicate records if they are encountered. (key: listUniquifyObjects) |
Account CSV File | Name of the CSV file containing accounts and associated attributes. (key: acctfile) |
Account CSV file has headers | Default is true. (key: accthdrs) |
Group CSV File | Name of the CSV file containing groups. (key: grpfile) |
Group CSV file has headers | Default is true. (key: grphdrs) |
Group membership CSV File | Name of the CSV file containing group memberships. (key: gmbrfile) |
Group membership CSV file has headers | Default is true. (key: gmbrhdrs) |
Server CSV File | Name of the CSV file containing servers and associated attributes. (key: srvfile) |
Server CSV file has headers | Default is true. (key: srvhdrs) |
Access | Select Read (default) or Read/Write. Read gives access to CSV files that have Read-only permissions. Read/Write gives access to CSV files that have both Read and Write permissions. (key: access) |
Handling account attributes
The attributes that define accounts are unique to specific applications; you must therefore create your own set of account attributes. You can view the complete list of attributes that Bravura Security Fabric can manage, including native and pseudo-attributes, in the account attributes menu of the Manage the system (PSA) module.
See Account attributes in the Bravura Security Fabric configuration documentation for more information.
