Command Line Interface - User Administration and Security

Table of Contents

Logging On to the CommServe

To run command line operations, you must first login to the CommServe.

From Command prompt, navigate to <Software_Installation_Directory>/Base and run the following command:

qlogin -cs <commserve name> -u <user name>

For example, to log on to CommServe 'server1' with username 'user1':

qlogin -cs server1 -u user1

Enabling Privacy at the CommCell Level

The Prevent admin access to user data check box can be set from the command line. For more information on the Privacy feature, see Enabling Privacy.

If the Prevent admin access to user data check box is cleared, locked clients remain locked but no new clients can be locked. Setting the preventAdminAccessToUserData parameter to false will not unlock previously locked clients.

  1. Download the set_prevent_admin_access.xml file and save it on the computer from where the command will be executed.
  2. Execute the following command from the <Software_Installation_Directory>/Base folder.

    qoperation execute -af set_prevent_admin_access.xml

Managing Users

The following sections describe the steps to manage users from the command line.

Creating a User

  1. Download the create_user_template.xml file and save it on the computer from where the command will be executed.
  2. Execute the following command from the <Software_Installation_Directory>/Base folder after updating the XML parameters using the Available Command Parameters table for reference.

    qoperation execute -af create_user_template.xml -userName xxxxx -password xxxxx -fullName 'xxxxx' -userGroupName xxxxx -email xxxxx -description 'xxxxx'

Modifying a User

  1. Download the modify_user_template.xml file and save it on the computer from where the command will be executed.
  2. Execute the following command from the <Software_Installation_Directory>/Base folder after updating the XML parameters using the Available Command Parameters table for reference.

    qoperation execute -af modify_user_template.xml -userName xxxxx -enableUser true -agePasswordDays xx -password xxxxx -fullName 'xxxxx' -userGroupName xxxxx -email xxxxx -description 'xxxxx'

    Example

    To disassociate a user group, execute the following command after substituting the parameter values.

    qoperation execute -af modify_user_template.xml -userName myuser -associatedUserGroupsOperationType DELETE -userGroupName usergroup

Associating an External User to a CommCell Group

One or more users from a external domain can be associated to a user group. This is useful when you want to add a specific domain user to a CommCell group, instead of associating the entire domain, or external group. In order to accomplish this operation, the domain must be already configured in the CommCell.

By default, a domain user does not become a registered CommCell user until he/she logs on to the CommCell Console for the first time. Based on this criteria, use one of the following procedures:

When a domain user is associated to a user group, the CommCell starts to display the domain user under the CommCell Users and <user group> nodes in the CommCell browser. If you want to undo these display changes, see Disabling the Ability to Associate Domain User to a CommCell Group.

If the domain user never logged on to the CommCell

This procedure is very similar to the one for creating CommCell users, with the difference that you only need to specify the user name (in the domain\user format), and the CommCell group to associate the user.

  1. Download the create_user_template.xml file and save it on the computer from where the command will be executed:
  2. Execute the following command from the <Software_Installation_Directory>/Base folder after substituting the parameter values below.

    qoperation execute -af create_user_template.xml -userName xxxx\xxxx -userGroupName xxxxx

If the domain user already logged on to the CommCell

This procedure is very similar to the one for modifying the properties of a CommCell user, with the difference that you only need to specify the user name (in the domain\user format), and the CommCell group to associate the user.

  1. Download the modify_user_template.xml file and save it on the computer from where the command will be executed.
  2. Execute the following command from the <Software_Installation_Directory>/Base folder after substituting the parameter values below.

    qoperation execute -af modify_user_template.xml -userName xxxx\xxxx -userGroupName xxxxx

Getting User Properties

  1. Download the get_user_template.xml file and save it on the computer from where the command will be executed.
  2. Execute the following command from the <Software_Installation_Directory>/Base folder after substituting the parameter values below.

    qoperation execute -af get_user_template.xml -userName xxxxx

Deleting a User

  1. Download the delete_user_template.xml file and save it on the computer from where the command will be executed.
  2. Execute the following command from the <Software_Installation_Directory>/Base folder after substituting the parameter values below.

    qoperation execute -af delete_user_template.xml -userName xxxxx

Available Command Parameters

The following table displays all the parameters you can use with the commands mentioned in the sections above.

Parameter Description and Parameter Values
agePassword Number of days to keep the password active
associatedUserGroupsOperationType Modification type. Valid values are:
  • ADD, to associate new user groups.
  • OVERWRITE, to overwrite the existing user groups with new use groups.
  • DELETE, to delete one or more user groups.
description A general description of the user account
email Email of the user
enableUser Option to enable/disable the user.

Valid values are True/False.

fullName Full name of the user
password A plain text password to access the user account
userGroupName Name of the user group to be associated. If you plan to associate more than one user group, add the following line in the XML file to specify each user group:

<userGroupName>user_group</userGroupName>

userName Name of the user

Managing User Groups

The following sections describe the steps to manage user groups from the command line.

Creating a User Group

  1. Download the create_usergroup_template.xml file and save it on the computer from where the command will be executed.
  2. Open the .xml file and update the XML parameters using the Available Command Parameters table for reference.
  3. Execute the following command from the <Software_Installation_Directory>/Base folder after updating the XML parameters.

    qoperation execute -af create_usergroup_template.xml

Modifying a User Group

  1. Download the modify_usergroup_template.xml file and save it on the computer from where the command will be executed. This XML is useful if you want to assign or remove capabilities, users and other CommCell entities.
  2. Open the .xml file and update the XML parameters using the Available Command Parameters table for reference.
  3. Execute the following command from the <Software_Installation_Directory>/Base folder after updating the XML parameters.

    qoperation execute -af modify_usergroup_template.xml

    You can also specify XML parameters in the command above to perform quick modifications. See the following examples:

    Example 1

    To delete a specific capability, execute the following command after substituting the parameter values.

    qoperation execute -af modify_usergroup_template.xml -userGroupName myUserGroup -capabilitiesOperationType DELETE -capability capability_name

    Example 2

    To add a new user to the group, execute the following command after substituting the parameter values.

    qoperation execute -af modify_usergroup_template.xml -userGroupName myUserGroup -userName user1

    Example 3

    To add a storage policy, execute the following command after substituting the parameter values.

    qoperation execute -af modify_usergroup_template.xml -userGroupName myUserGroup -storagePolicyName sp_name

Getting User Group Properties

  1. Download the get_usergroup_template.xml file and save it on the computer from where the command will be executed.
  2. Execute the following command from the <Software_Installation_Directory>/Base folder after substituting the parameter values.

    qoperation execute -af get_usergroup_template.xml -userGroupName xxxxx

    If you want to adjust the amount of property information being displayed, use the 'level' parameter to specify the property level (see Available Command Parameters table for reference). For example, if you want to list only basic properties, execute the following command:

    qoperation execute -af get_usergroup_template.xml -userGroupName xxxxx -level BasicProperties

Listing All User Groups

  1. Download the list_usergroup_template.xml file and save it on the computer from where the command will be executed.
  2. Execute the following command from the <Software_Installation_Directory>/Base folder to list all user groups along with all their properties.

    qoperation execute -af list_usergroup_template.xml

    If you want to adjust the amount of property information being displayed, use the 'level' parameter to specify the property level (see Available Command Parameters table for reference). For example, if you want to list only basic properties, execute the following command:

    qoperation execute -af list_usergroup_template.xml -level BasicProperties

Deleting a User Group

The following sections describe the steps to create a cluster group client.

  1. Download the delete_user_group_template.xml file and save it on the computer from where the command will be executed.
  2. Execute the following command from the <Software_Installation_Directory>/Base folder after substituting the parameter values.

    qoperation execute -af delete_user_group_template.xml -userGroupName xxxxx

Available Command Parameters

The following table displays all the parameters you can use with the commands mentioned in the sections above.

Parameter Description and Parameter Values
allCapabilities Option to assign all capabilities to the user group.

Valid values are True/False.

allAssociations Option to associate all CommCell objects (such as clients, libraries, storage policies, etc)  to the user group.

Valid values are True/False.

associations/<entity> Name of the CommCell entity to be associated with the user group.

The XML file provided in this document defines the client computer association. If you want to associate a different entity, open the .xml file and add the following lines under the <associations> node for the entity you want to associate:

For MediaAgents

<mediaAgentName></mediaAgentName>

For Libraries

<libraryName></libraryName>

For Storage Policies

<storagePolicyName></storagePolicyName>

For Client Groups

<clientGroupName></clientGroupName>

associationsOperationType Modification type. Valid values are:
  • ADD, to associate new CommCell entities.
  • OVERWRITE, to overwrite the existing CommCell entities with the new CommCell entities.
  • DELETE, to delete one or more CommCell entities.
capability Name of the function which users will be performing within the CommCell. To add more than one capability, open the .xml file and add the following block for each capability:

<capabilities>
  <capability></capability>
</capabilities>

The following are valid capability values:

  • ADMINISTRATIVE_MANAGEMENT
  • AGENT_MANAGEMENT
  • AGENT_SCHEDULING
  • ALERT_MANAGEMENT
  • ANNOTATION_MANAGEMENT
  • BROWSE
  • BROWSE_AND_IN_PLACE_RECOVER
  • BROWSE_AND_OUT_OF_PLACE_RECOVER
  • COMPLIANCE_SEARCH
  • DATA_PROTECTION_OPERATIONS
  • DOWNLOAD
  • ENDUSER_SEARCH
  • FILESHARE
  • FULL_MACHINE_RECOVERY_OUTOFPLACE
  • FULLRECOVERY
  • INSTALLATION
  • JOB_MANAGEMENT
  • LEGAL_HOLD_MANAGEMENT
  • LIBRARY_ADMINISTRATION
  • LIBRARY_MANAGEMENT
  • LICENSE_MANAGEMENT
  • LIVEBROWSE
  • MANAGEDOWNLOADCENTER
  • MEDIAAGENT_MANAGEMENT
  • REPORT_MANAGEMENT
  • STORAGE_POLICY_MANAGEMENT
  • TAG_MANAGEMENT
  • UPLOAD
  • USER_MANAGEMENT
  • VAULTTRACKER_OPERATIONS
  • VIEW

For information on the supported operations/tasks for the above capabilities, see Capabilities and Permitted Actions.

capabilitiesOperationType Modification type. Valid values are:
  • ADD, to associate new capabilities.
  • OVERWRITE, to overwrite the existing capabilities with the new capabilities.
  • DELETE, to delete one or more capabilities.
description A general description of the user group
enabled Option to enable/disable the user group.

Valid values are True/False.

level The property level information that you want to display when listing user groups. When no property level is specified, all properties are returned by default. Valid values are:
  • ListOnly, to list the user group name without its property information.
  • BasicProperties, to list the user group name along with its basic properties.
  • ExtendedProperties, to list the user group name along with its basic and extended properties.
  • AllProperties, to list the user group name along with all its properties.
userGroupName Name of the user group
userName Name of the user to be associated with the user group. If you plan to associate more than one user, open the .xml file and add the <users> node for every user you want to specify:

<users>
    <userName>USER1</userName>
</users>
<users>
    <userName>USER2</userName>
</users>

usersOperationType Modification type. Valid values are:
  • ADD, to associate new users.
  • OVERWRITE, to overwrite the existing users with the new users.
  • DELETE, to delete one or more users.