I would like to get the security group of the user in a Maximo automation script so I can compare it. I need to know if the user in in MaxAdmin or UserUser group to execute the reste of my script. My scripts are in Python
how could I get that Info?
There are some implicit variables available to you in an automation script (check the IBM Automation Script guide), one of which is the current user's username. There is also the :&USERNAME& special bind variable that gets replaced with the current username. You can use one of those as part of the query to fetch a GroupUser MBO and then check the count of it afterward.
I'm going off of memory here so the exact names and syntax probably differ, but something like:
groupUserSet = MXServer.getMXServer().getMboSet("GROUPUSER", MXServer.getMXServer().getSystemUserInfo())
groupUserSet.setWhere("userid = :&USERNAME& and groupname in ('MAXADMIN', 'USERUSER')")
# Not really needed.
groupUserSet.reset()
if groupUserSet.count() > 0:
# The current user is in one of the relevant groups.
else:
# The current user is not in one of the relevant groups.
groupUserSet.close()
It's worth noting that the kinds of things tied to logic like this usually don't need an automation script. Usually conditional expressions, normal security permissions or reports can do what you need here instead. Even when an automation script like this is needed, you still should not do it based on group alone, but based on whether the user has a certain permission or not.
EDIT
To do this with permissions, you would add a new sigoption to the app with an id along the lines of "CANCOMPPERM" (with a more verbose description) and grant it to those two groups. Make sure everyone in those groups logs out at the same time (so nobody in those two groups are logged into the system at a given point) or else the permission cache will not update. Your code would then look something like this:
permissionsSet = MXServer.getMXServer().getMboSet("APPLICATIONAUTH", MXServer.getMXServer().getSystemUserInfo())
permissionsSet.setWhere("optionname = 'CANCOMPPERM' and groupname in (select groupname from groupuser where userid = :&USERNAME& )")
# Not really needed.
permissionsSet.reset()
if permissionsSet.count() > 0:
# The current user has the necessary permission.
else:
# The current user does not have the necessary permission.
permissionsSet.close()
I think there are even some helper methods in Maximo's code base that you can call to do the above for you and just return a true/false on if the permission is granted or not.
I have a Zebra RFD8500 here and I connected to it via the terminal. I am trying to use the ZETI command read to access epc's, but it does not read anything.
But if I use the ZETI command inventory it finds all the tags around.
Anyone knows how to use the read command properly? Also is there some kind of filter per default on?
I am using the developer example on page 174 Link to PDF
Not sure if you solved this problem, but I couldn't find anything else via Google. I had the same problem with using read in ZETI (Zebra RFD8500). The Zebra tech support told me that to use access operations like read and write, you have to turn off dynamic power (which I think is on by default).
Unfortunately, I am not using the iOS API/SDK (writing a custom one for another device), but here's the gist of what you'd be doing:
Turn off dynamic power
Do an inventory
Read some memory bank, like the EPC bank. Optionally, you can also specify access criteria to single out a tag.
To test how this worked in ZETI, I screened into the RFD8500 (on my Mac, doing ls /dev/tty.RFD* lists several ttys, I chose the one ending in "-R"):
screen /dev/tty.RFD8500{long number}-R
Then I issued these commands:
dp .disable
in
rd
Commands:
dp = setdynamicpower
in = inventory
rd = read
After issuing "rd", you should be able to see the user memory banks (the default bank for the "rd" command).
I've been googling for quite a long time and I just can't find any information on how to get screen_number for every screen connected to computer. Here I found a list of macros and some of them (like for example ScreenOfDisplay(display, screen_number) ) use argument screen_number. However there is no such macro that could give me a list of those numbers (one for every connected screen). I know how to get number of default screen (DefaultScreen() ) and count of all screens ( ScreenCount() ) but what about other screens? I noticed that screen_number of default screen is 0, although I have only one screen connected to my computer so I can't really test what happens when there are more of them. I think that screen_number could be assigned in a very simple way which is screen_number=0 for first screen,screen_number=1 for second,screen_number=2 for third and so on but as I said... I can't test wheather it's true and even if I had multiple screens how could I be sure that it works like this for all computers .Please ,if anyone of you has more experience with X11 and knows all details about how it works,tell me if I am right.
The ScreenCount(dpy) macro and int XScreenCount(Display*) function both return the number of screens connected to the display. Valid screen numbers are 0 to ScreenCount(dpy)-1. Macros in Xlib.h confirm:
#define ScreenCount(dpy) (((_XPrivDisplay)dpy)->nscreens)
#define ScreenOfDisplay(dpy, scr) (&((_XPrivDisplay)dpy)->screens[scr])
Your source (2.2.1. Display Macros) provides enough information. Normally the default screen-number is 0, e.g., when connecting to the local host you could use :0.0 as indicated in the documentation for XOpenDisplay.
That is "normally". If you run VNC, normally that runs on a different display (the first 0 in the simple connection string shown).
But (reading the documentation), when an application calls XOpenDisplay, it asks for the given screen-number (which the X server may/may not honor):
screen_number
Specifies the screen to be used on that server. Multiple screens can be controlled by a single X server. The screen_number sets an internal variable that can be accessed by using the DefaultScreen() macro or the XDefaultScreen() function if you are using languages other than C (see "Display Macros").
once again I appeal to your help. More to the experts in the Inno Setup code.
I've tried several ways. But without success.
I need to block the installation of my application to users (entering in session of the operating system) with the username: EX?????
Ie. if the username is:
Ennnnnn -> OK
EXnnnnn -> No permission
(n is a number)
Can you help me. Thank you.
I've tried several ways. But without success.
Show us some code. What have you tried so far? Anyway..
How to block installation, in case a certain username is used?
In order to get the username:
The manual lists the available constants http://www.jrsoftware.org/ishelp/index.php?topic=consts You will find {username} there, which is the name of the user who is running Setup or the Uninstall program.
You can also return the username by using the GetUserNameString() function.
It returns the name of the user currently logged onto the system.
http://www.jrsoftware.org/ishelp/topic_isxfunc_getusernamestring.htm
For the comparison:
You might work with the string functions to make sure, that a username does not start with "EX".
The function Pos() might help you http://www.jrsoftware.org/ishelp/topic_isxfunc_pos.htm .
And you could also use Copy(), to copy the first two chars and compare them
Prefix := Copy(GetUserNameString(), 0, 2);
Usually I connect to a database with R using JDBC/ODBC driver. A typical code would look like
library(RJDBC)
vDriver = JDBC(driverClass="com.vertica.jdbc.Driver", classPath="/home/Drivers/vertica-jdbc-7.0.1-0.jar")
vertica = dbConnect(vDriver, "jdbc:vertica://servername:5433/db", "username", "password")
I would like others to access the db using my credentials but I want to protect my username and password. So I plan save the above script as a "Connections.r" file and ask users to source this file.
source("/opt/mount1/Connections.r")
If I give execute only permission to Connections.r others cannot source the file
chmod 710 Connections.r
Only if I give read and execute permission R lets users to source it. If I give the read permission my credentials will be exposed. Is there anyways we could solve this by protecting user credentials?
Unless you were to deeply obfuscate your credentials by making an Rcpp function or package that does the initial JDBC connection (which won't be trivial) one of your only lighter obfuscation mechanisms is to store your credentials in a file and have your sourced R script read them from the file, use them in the call and them rm them from the environment right after that call. That will still expose them, but not directly.
One other way, since the users have their own logins to RStudio Server, is to use Hadley's new secure package (a few of us sec folks are running it through it's paces), add the user keys and have your credentials stored encrypted but have your sourced R script auto-decrypt them. You'll still need to do the rm of any variables you use since they'll be part of environment if you don't.
A final way, since you're giving them access to the data anyway, is to use a separate set of credentials (the way you phrased the question it seems you're using your credentials for this) that only work in read-only mode to the databases & tables required for these analyses. That way, it doesn't matter if the creds leak since there's nothing "bad" that can be done with them.
Ultimately, I'm as confused as to why you can't just setup the users with read only permissions on the database side? That's what role-based access controls are for. It's administrative work, but it's absolutely the right thing to do.
Do you want to give someone access, but not have them be able to see your credentials? That's not possible in this case. If my code can read a file, I can see everything in the file.
Make more accounts on the SQL server. Or make one guest account. But you're trying to solve the problem that account management solves.
Have the credentials sent as command arguments? Here's an example of how one would do that:
suppressPackageStartupMessages(library("argparse"))
# create parser object
parser <- ArgumentParser()
# specify our desired options
# by default ArgumentParser will add an help option
parser$add_argument("-v", "--verbose", action="store_true", default=TRUE,
help="Print extra output [default]")
parser$add_argument("-q", "--quietly", action="store_false",
dest="verbose", help="Print little output")
parser$add_argument("-c", "--count", type="integer", default=5,
help="Number of random normals to generate [default %(default)s]",
metavar="number")
parser$add_argument("--generator", default="rnorm",
help = "Function to generate random deviates [default \"%(default)s\"]")
parser$add_argument("--mean", default=0, type="double", help="Mean if generator == \"rnorm\" [default %(default)s]")
parser$add_argument("--sd", default=1, type="double",
metavar="standard deviation",
help="Standard deviation if generator == \"rnorm\" [default %(default)s]")
# get command line options, if help option encountered print help and exit,
# otherwise if options not found on command line then set defaults,
args <- parser$parse_args()
# print some progress messages to stderr if "quietly" wasn't requested
if ( args$verbose ) {
write("writing some verbose output to standard error...\n", stderr())
}
# do some operations based on user input
if( args$generator == "rnorm") {
cat(paste(rnorm(args$count, mean=args$mean, sd=args$sd), collapse="\n"))
} else {
cat(paste(do.call(args$generator, list(args$count)), collapse="\n"))
}
cat("\n")
Sample run (no parameters):
usage: example.R [-h] [-v] [-q] [-c number] [--generator GENERATOR] [--mean MEAN] [--sd standard deviation]
optional arguments:
-h, --help show this help message and exit
-v, --verbose Print extra output [default]
-q, --quietly Print little output
-c number, --count number
Number of random normals to generate [default 5]
--generator GENERATOR
Function to generate random deviates [default "rnorm"]
--mean MEAN Mean if generator == "rnorm" [default 0]
--sd standard deviation
Standard deviation if generator == "rnorm" [default 1]
The package was apparently inspired by the python package of the same name, so looking there may also be useful.
Looking at your code, I'd probably rewrite it as follows:
library(RJDBC)
library(argparse)
args <- ArgumentParser()
args$add_argument('--driver', dest='driver', default="com.vertica.jdbc.Driver")
args$add_argument('--classPath', dest='classPath', default="/home/Drivers/vertica-jdbc-7.0.1-0.jar")
args$add_argument('--url', dest='url', default="jdbc:vertica://servername:5433/db")
args$add_argument('--user', dest='user', default='username')
args$add_argument('--password', dest='password', default='password')
parser <- args$parse_args
vDriver <- JDBC(driverClass=parser$driver, parser$classPath)
vertica <- dbConnect(vDriver, parser$url, parser$user , parser$password)
# continue here
Jana, it seems odd that you are willing to let the users connect via R but not in any other way. How is that obscuring anything from them?
I don't understand why you would not be satisfied with a guest account that has specific SELECT-only access to certain tables (or even views)?