|
From: | Deiss, Mark |
Subject: | [help-gnubatch] User control enhancements |
Date: | Wed, 14 Mar 2012 09:06:42 -0500 |
New user to GNUbatch so maybe these capabilities are already covered. Two enhancements requested: 1) For user access control, would like to see the following syntax supported to revoke all access privileges on a particular username. gbch-uchange –p –ALL <username> Right now with GNUBatch vs 1.4, getting back an error of: “Invalid privilege flag …”. To revoke all access, have to run gbch-ulist, pick out the particular account and run the gbch-uchange with each of the listed enabled privileges, with the minus symbol, to revoke access. 2) Would also like ability to remove a user account all together from the btufile. Do not want system accounts represented or other user accounts that are not to have access. Sites may elect to maintain an external list of prohibited accounts that would be used as a second step to reduce the btufile content after a system account refresh. Something like: gbch-uchange –R # update the btufiles against any new additions/deletions in the system password file gbch-uchange –remove <username> # remove a particular user entry gbch-uchange –remove –f <file_list> # where file_list would contain entries of multiple users to be removed from btufile I realize this will be a mess for sites with large NIS/AD user lists that are used as a basis for the btufiles population. Possibly some additional modification flags for the AD sites may help control the btufile population. gbch-uchange –R –exclude <AD-tag1,AD-subdomain,something> -include <AD-tag2, something2> Would also be nice if the gbch-xuser/gbch-xmuser would support account removals. I take it using gbch-xuser/gbch-xmuser would not be able to add a particular new user as gbch-uchange is necessary to get the new account entry into the btufiles to start with. Mark Deiss System Analyst Education Solutions ACS Education Solutions, LLC, A Xerox Company 12410 Milestone Center Drive Germantown, MD USA 20876 p 240.686.2666 f 240.686.2857 www.xerox.com/businessservices |
[Prev in Thread] | Current Thread | [Next in Thread] |