Managing Users and User Groups Using the CLI

You can create users and user groups, assign/unassign user groups to/from a user, and delete users and user groups.

Creating a User, User Group, or User Role Using CLI

Call up

  • Interactive mode

    startcli [-u <user account>] [-p <password>]
...
create [--useradd|--groupadd]|--roleadd] <option> <arg>

  • Script mode

    startcli --execCommand "create [--useradd|--groupadd]|--roleadd] <option> <arg>"

Command options

Option Sub-option Description

-h,--help

Displays the usage

-cug,--groupadd <name>

Create a new Process Engine user group

--parentgroup <arg>

Parent group of a new Process Engine user group

-cu,--useradd <name>

Create a new Process Engine user

--email <e_mail>

E-mail address of the new Process Engine user

--group <name>

User group of the new Process Engine user

--password <arg>

Password of the new Process Engine user

--processrole <arg>

Optional: Process role of the new Process Engine user

--role <arg>

Role of the new Process Engine user

-cur, --roleadd <name>

Create a new process engine user role

--basedon <arg>

Role that the new user role to be created is based on

-o, --option

Flag whether to list existing user roles that can be considered for the new user role to be based on. Option for creating new Process Engine user role in an interactive mode.

All options except `--processrole, --basedon, and --option `are mandatory.

Example

  • Interactive mode

    create -cug inubit_group --parentgroup admin
create --useradd inubit --email inubit@virtimo.de --password f1(oE08=a- --processrole "team member" --role "EAI Developer" --group inubit_group
create --roleadd newRole --basedon 'SOA Developer'
create --roleadd newRole --option
Please select 'Based on' role
1 -- Project Lead
2 -- EAI Developer
3 -- Business Analyst
4 -- System Administrator
5 -- SOA Developer
6 -- Unconfigured Role

  • Script mode

    startcli -u root --execCommand "create -cug inubit_group --parentgroup admin"
startcli -u root --execCommand "create --useradd inubit --email inubit@virtimo.de --password f1(oE08=a- --processrole 'team member' --role 'EAI Developer' --group inubit_group"
Command for creating role based on an existing role:
startcli -u root --execCommand "create --roleadd newRole --basedon ‘Project Lead’"
Command for creating empty role:
startcli -u root --execCommand "create --roleadd newRole"

Display User Information Using CLI

Call up

  • Interactive mode

    startcli [-u <user account>] [-p <password>]
...
finger <log in>

  • Script mode

    startcli --execCommand "finger <log in>"

Example

  • Interactive mode

    finger inubit

  • Script mode

    startcli --execCommand "finger inubit"

Return value

Login: inubit
Email: inubit@127.0.0.1
Role: EAI Developer

Setting a User Group Using CLI

Usage

Sets the primary user group and additional user groups for a user.

Call up

user [--setGroup] [--setAdditionalGroups] [--addAdditionalGroups] [--removeAdditionalGroups]

Command options

Option Description

-h,--help

Display help

user <Username>

Returns the current group memberships of a user. If a username is not specified, the group memberships of the current user are displayed.

user --setGroup <user group> <user name>

Set the primary user group for a user. If no username is specified, the user group for the user who is logged in is set.

user --setAdditionalGroups <user group> <user name>

Set the additional user group(s) for a user. If no username is specified, the additional user group(s) for the user who is logged in are set.

You can use the commands --setGroup and --setAdditionalGroups in a call. You separate multiple additional user groups with a comma with no spaces. All existing user groups are replaced by the specified user groups.

user --addAdditionalGroups <user group> <user name>

Add additional user groups to a user.

You separate multiple additional user groups with a comma without any spaces. All existing user groups remain.

user --removeAdditionalGroups <user group> <user name>

Removes additional user groups of a user

You separate multiple additional user groups with a comma without any spaces. All user groups not listed remain.

Setting Passwords Using CLI

Call up

  • Interactive mode

    startcli [-u <user account>] [-p <password>]
...
passwd [--password newPassword | --encryptedPassword newEncryptedPassword] [username]

    If you execute the passwd command without any option/argument, you can change the password of the user logged in.

  • Script mode

    startcli --execCommand "passwd [--password newPassword|--encryptedPassword newEncryptedPassword] [username]"

Only in interactive mode the new password is hidden.

Command options

Option Description

-h,--help

Displays the usage

-p,--password <arg>

New password as plain text

-e,--encryptedPassword <arg>

New password as encrypted string Refer to Encrypting User Names and Passwords via CLI.

Example

  • Interactive mode

    • Changing the password for user inubit to a plain text password

      passwd --password 9f46r}Kp{] inubit

    • Changing the password for user inubit to an encrypted password

      passwd -e AES-RGSLnzag0+JntHrcQ16ovg== inubit

    • Changing the password for user inubit.

      The user logged in is prompted to enter the new password. The password is not displayed on the screen.

      passwd inubit

  • Script mode

    • Changing the password for user inubit to a plain text password

      startcli -u root --execCommand "passwd --password 9f46r}Kp{] inubit"

    • Changing the password for user inubit to an encrypted password

      startcli -u root --execCommand "passwd -e AES-RGSLnzag0+JntHrcQ16ovg== inubit"

    • Changing the password for user inubit. At first, the user is prompted to enter the root password. Then the root user is prompted to enter the new password for user inubit. The passwords are not displayed on the screen.

      startcli -u root --execCommand "passwd inubit"

Encrypting User Names and Passwords via CLI

Usage

Encrypts a character string in accordance with the format used by the password properties in the INUBIT configuration files.

Encrypted usernames and passwords are decrypted and transmitted unencrypted before communication between the Workbench and the Process Engine. If usernames and passwords should be transmitted encrypted, you have to use the HTTPS protocol.

Example

The encrypted database password is specified in the file ibis.xml.

The encryption is done by AES, and the encoding is Base64.

Call up

startcli --encryptString MyPassword AES-/wtsExz+GiSo3EcoXUu1nQ==

If you specify an encrypted username or an encrypted password in a configuration file, you must set the attribute encrypted="true".

If you specified an unencrypted database password in the configuration file ibis.xml, it will be automatically encrypted with the first server start and replaced by the encrypted password. The attribute encrypted="true" is set automatically.

The file <inubit-installdir>/server/ibis-root/conf/logsDBConfig.xml contains the access data for the log database. The username and password can be specified encrypted. If you have specified an encrypted username and/or an encrypted password, you need to set the attribute="true" for the respective parameter.

Deleting a User or a User Group Using CLI

Call up

  • Interactive mode

    startcli [-u <user account>] [-p <password>]
...
delete <option> <arg>

  • Script mode

    startcli --execCommand "delete <option> <arg>"

Command options

Option Description

-h,--help

Displays the usage

--deleteUser <arg>

Remove the user with given name

--deleteUserGroup <arg>

Remove the user group with given name

Example

  • Interactive mode

    delete --deleteUser inubit

  • Script mode

    startcli -u jh -p inubit --execCommand "delete --deleteUser inubit"
Press Esc to exit full screen
Modal image placeholder
Press Esc to exit full screen