This tool provides a method to quickly list and modify the permissions of a 'Folder' in HP Server Automation. It operates on one folder at a time, but allows you to specify multiple roles in one invocation.
This utility is intended to be used on an SA core, although a few simple modifications can enable it to run on any managed agent.
The tool provides options to push privileges recursively. It always assumes that you want to propagate 'LIST' up. If that turns out not to be the case, then someone can file an enhancement request. :)
Note: For details on the syntax of the --perm option, see the 'Permission Syntax' section
usage: opswchmod.py [options]
options:
-h, --help show this help message and exit
-p PERM, --perm=PERM Permissions to add. See the README or --permhelp for
more details
-l, --list List the current permissions on the folder
-r ROLES, --roles=ROLES
The roles to add. Implements partial matching or
multiple roles
-f FOLDER, --folder=FOLDER
The folder to add the permissions to
-R, --recurse Apply the permissions recursively
-u USERNAME, --username=USERNAME
Your SA username
-d, --debug Set debugging to true
--permhelp Print help on permissions
-
List all permissions for a folder
./opswchmod.py --list -f '/Customers/ACME' -u admin
-
Set permissions on a folder for a user
./opswchmod.py --perm wx -r johndoe -f '/Customers/ACME/Scripts' -u admin
-
Set permissions on a folder, recursively
./opswchmod.py --perm wx -r johndoe -f '/Customers/ACME/Scripts' --recurse -u admin
-
Set permissions on a folder for all groups starting with 'ACME-SYS'
./opswchmod.py --perm wxe -r ACME-SYS -f '/Customers/ACME/Policies' -u admin
-
Set permissions for group ACME-SYSADMIN and ACME-AUDITORS
./opswchmod.py --perm rx -r ACME-SYSADMIN -r ACME-AUDITORS -f '/Customers/ACME' -u admin
-
Remove all permissions on folders for the ACME-SYSOPS group
./opswchmod.py --perm 0 -r ACME-SYSOPS -f '/Customers/ACME/Policies' -u admin
You can specify a combination of {L,R,W,X,E} or 0
Attribute | Permission |
---|
L | LIST |
R | READ |
W | WRITE |
X | EXECUTE |
E | EDIT FOLDER PERMISSIONS |
0 | DELETE ALL PERMISSIONS |
Any permission, other than LIST and 0, will also apply LIST. If you specify WRITE, this also applies READ, as well as LIST.
0 is exclusive and should not be combined with any other permissions. It will override any other permissions specified on the command line. Its purpose is to provide a mechanism for removing permissions for a role from a folder.
EXECUTE, EDIT FOLDER and WRITE can all be specified, but never apply each other.
-
Apply all permissions:
--perms wxe
This applies LIST, READ, WRITE, EXECUTE and EDIT.
-
Apply LIST and READ:
--perms r
This applies LIST and READ.
-
Apply READ and EXECUTE:
--perms rx
This applies LIST, READ and EXECUTE.
-
Apply WRITE AND EXECUTE:
--perms wx
This applies LIST, READ, WRITE and EXECUTE.
-
Delete all permissions:
--perms 0
This will delete all permissions for the roles specified