RSA Product/Service Type: Authentication Manager Bulk Administration (AMBA)
The action used here is CUSD, which changes the user security domain. From page 63 of the RSA Authentication Manager 8.4 Bulk Administration Utility (AMBA) Guide:
Change User/Token Security Domain
| Action | CUSD |
| Required Fields | DefLogin, DestinationSecurityDomain |
| Optional Fields | MiscVariable, IdentitySource, SecurityDomain, SubDomain, Limit |
If Security Domain and Identity Source are not provided, then the default identity source (Internal Database) and the default security domain (System Domain) will be used.
DefLogin:
If DefLogin contains an entry, that specific user account will be moved. If DefLogin contains the value "<all>" (without the quotes), all user accounts will be moved to the DestinationSecurityDomain. Case is not significant for <all>.
DestinationSecurityDomain:
This variable is used to declare the security domain to move the user account to and it must already exist in the Authentication Manager database.
Processing the AMBA text file
- Prepare the .csv or .txt file, adding columns whose headers are the fields defined for the function in the RSA Authentication Manager 8.4 Bulk Administration Utility (AMBA) Guide.
- Log on with the rsaadmin account and enter the rsaadmin password when prompted.
- Copy the file to the Authentication Manager directory.
- Run the following command from the /opt/rsa/am/utils directory:
./rsautil AMBulkAdmin -i <filename>.csv -a [superadmin] -P '[password]'
Change the security domain to a new security domain
There is an optional field called SecurityDomain that has a default value of SystemDomain. Because that is the default value for the field, you do not need to include it when moving users from SystemDomain to another security domain.
The syntax is:
action,DefLogin,DestinationSecurityDomain
CUSD,<userid>,<newdomain>
For example,
rsaadmin@alaa:/tmp> cat text.csv
action,Deflogin,DestinationSecurityDomain
CUSD,rbauser,newsubdomain
CUSD,restrict,newsubdomain
Change the security domain to the SystemDomain
This example changes the users' domain back to SystemDomain, which is the default domain.
The current domain must be specified in the .txt or .csv file under the SecurityDomain header, because the default value of this header is SystemDomain.
If the value is not specified, the function will not work because the system will read the file as moving the users from SystemDomain to SystemDomain.
The syntax is:
action,DefLogin,DestinationSecurityDomain,SecurityDomain
CUSD,<userid>,SystemDomain,<currentdomain>
For example,
rsaadmin@alaa:/tmp> cat text.csv
action,Deflogin,DestinationSecurityDomain,SecurityDomain
CUSD,rbauser,SystemDomain,newsubdomain
CUSD,restrict,SystemDomain,newsubdomain
As shown here, the security domain has changed from newsubdomain back to SystemDomain:
The MiscVariable option controls whether or not tokens will be moved.
The possible values for MiscVariable are:
If DefLogin contains a userID:
0 - Move tokens assigned to specific user
1 - Do not move any tokens assigned to the specific user.
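The checks below are an added example, not part of the RSA guide or utility: a pre-flight lint for a CUSD input file that catches the SystemDomain-to-SystemDomain no-op described above, flags `<all>` rows, and validates MiscVariable before the file is run. It assumes header and domain names can be compared case-insensitively; the function name and sample data are constructed for illustration.

```python
import csv
import io

REQUIRED = {"deflogin", "destinationsecuritydomain"}
OPTIONAL = {"miscvariable", "identitysource", "securitydomain", "subdomain", "limit"}
DEFAULT_DOMAIN = "SystemDomain"  # default SecurityDomain named in the article


def lint_cusd(text):
    """Return (line, message) findings; names compared case-insensitively (assumption)."""
    findings = []
    reader = csv.reader(io.StringIO(text))
    header = [h.strip().lower() for h in next(reader, [])]
    for name in header:
        if name not in REQUIRED | OPTIONAL | {"action"}:
            findings.append((1, f"unknown column: {name}"))
    for name in sorted(REQUIRED - set(header)):
        findings.append((1, f"missing required column: {name}"))
    for lineno, row in enumerate(reader, start=2):
        if len(row) != len(header):
            findings.append((lineno, "field count differs from header"))
            continue
        rec = {k: v.strip() for k, v in zip(header, row)}
        login = rec.get("deflogin", "")
        dest = rec.get("destinationsecuritydomain", "")
        # An omitted or blank SecurityDomain falls back to the default domain.
        source = rec.get("securitydomain") or DEFAULT_DOMAIN
        misc = rec.get("miscvariable", "")
        if rec.get("action", "").upper() != "CUSD":
            findings.append((lineno, "action is not CUSD"))
        if not login or not dest:
            findings.append((lineno, "empty required field"))
        elif source.lower() == dest.lower():
            findings.append((lineno, f"no-op: moves from {source} to {dest}"))
        if login.lower() == "<all>":
            findings.append((lineno, "<all> moves every user account"))
        elif misc and misc not in ("0", "1"):
            findings.append((lineno, "MiscVariable must be 0 or 1 for a user ID"))
    return findings


# Constructed sample: moving back to SystemDomain without SecurityDomain.
MISSING_SOURCE = "action,DefLogin,DestinationSecurityDomain\nCUSD,rbauser,SystemDomain\n"
# Constructed sample: the same move with the current domain stated.
WITH_SOURCE = ("action,DefLogin,DestinationSecurityDomain,SecurityDomain\n"
               "CUSD,rbauser,SystemDomain,newsubdomain\n")

if __name__ == "__main__":
    for label, sample in (("missing", MISSING_SOURCE), ("stated", WITH_SOURCE)):
        print(label, lint_cusd(sample))
```

An empty result means the file passed these checks only; it does not confirm that the destination security domain exists in the Authentication Manager database.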