|Applies To||RSA Product Set : SecurID|
RSA Product/Service Type : RSA Authentication Manager
RSA Version/Condition: 8.1 Service Pack 1
Platform : SUSE Enterprise Linux
O/S Version : 11 Service Pack 3
|Issue||An administrator has a requirement to use an SQL statement to list the administrator's User ID and their roles in RSA Authentication Manager 8.1.|
|Tasks||Generating a report listing administrators and their roles for all identity sources at the command line.|
rsaadmin@am81p:/opt/rsa/am/utils> ./rsautil manage-readonly-dbusers -a create -o ocadmin -u mbell -i 192.168.41.234 -n 255.255.255.0
SQL statement (also attached):
select ipd.LOGINUID,ipd.IDENTITY_SRC_KEY,iis.NAME,iar.NAME from RSA_REP.IMS_PRINCIPAL_DATA ipd inner join RSA_REP.IMS_IDENTITY_SOURCE iis on iis.ID = ipd.IDENTITY_SRC_ID inner join RSA_REP.IMS_PRINCIPAL_ADMIN_ROLE ipar on ipar.PRINCIPAL_ID = ipd.ID inner join RSA_REP.IMS_ADMIN_ROLE iar on iar.ID = ipar.ADMIN_ROLE_ID;
|Resolution||The rsa-am-extras-22.214.171.124.0.zip file part of the RSA Authentication Manager 8.1 product download contains the Developer Guide which provides information on SQL access to the RSA Authentication Manager database.|
In short, the administrator is required to create a read-only user to access the authentication manager database, create an SQL script file with the SQL statement at the command line and run an rsautil command at the command line to generate the report. Refer to the tasks section for the steps.
Alternatively, an administrator could write an SQL application that runs the SQL statement on a remote workstation using the samples provided in the Developer Guide.
|Notes||Where customers have a requirement to generate reports where the reporting templates in the Security Console do not meet their requirements then the customer can engage RSA Professional Services to see if writing an SQL script will help meet the requirement.|
Customers can contact RSA Professional Services through RSA Sales; use URL http://www.emc.com/domains/rsa/index.htm, change the region at the top of the page and select contact us.