husrmgr Command-User Manager

The husrmgr command is a toolkit for the administrator who needs to maintain the user profile in . The User Manager utility provides these user maintenance functions: import user, delete user, rename user, update user, force change password, and remove a user from usergroup.
cahscm140
The husrmgr command is a toolkit for the administrator who needs to maintain the user profile in 
CA Harvest SCM
. The User Manager utility provides these user maintenance functions: import user, delete user, rename user, update user, force change password, and remove a user from usergroup.
  • By default the program performs the import user mode.
  • You can activate the delete user mode by specifying the -du (delete user) option.
  • You can activate the update user mode by specifying the -ow (overwrite) option.
  • You can activate the rename user mode by specifying the -nn (rename) option with -ow (overwrite) option.
  • You can activate the change password on next login flag for all created and updated users by specifying the -cpw (change password) option.
  • You can remove the usergroup association for the user by specifying the -rug (remove user group) option.
The format of the data files depends on the combination of options used.
An easy way to create the data file is by using Microsoft Excel. Enter the data in Excel and then save it to a file using the Save As, Text (Tab delimited) (*txt) option.
Examples: husrmugr command
To create a user with username and password (required), define the user properties, and belonging to the user groups Developer, Development Manager, and Super User, use the following command:
JoeS<tab>MightyJoe<tab>Joe Smith<tab>(123)456-7890<tab><tab>(098)765-4321<tab>[email protected]<tab>Developer<tab>Development Manager<tab>Super User
To create a user with username and password (required), belonging to only the user group Public (automatic), use the following command:
JoeS<tab>MightyJoe
To create a user and add this user to the Developer group, use the following command:
JoeS<tab>MightyJoe<tab><tab><tab><tab><tab><tab><tab>Developer
To clear fields in a user profile file, if you are using the following command:
husrmgr -b 
broker
 -usr 
username
 -pw 
password
 -ow 
filename
and the 
filename
 file contains the following:
john22<tab><tab>
[clear]
<tab>
[clear]
<tab>1234<tab><tab><tab><tab>
you get the following results for user john22:
  • Password is unchanged.
  • Real Name is cleared.
  • Phone Number is cleared.
  • Phone Extension is changed to 1234.
  • Fax Number is unchanged.
  • Email is unchanged.
  • Note is unchanged.
If you are using the following command:
husrmgr -b 
broker
 -usr 
username
 -pw 
password
 -ow 
-
cf [EMPTY] 
filename
and the 
filename
 file contains the following:
john22<tab><tab>[EMPTY]<tab>[EMPTY]<tab>1234<tab><tab><tab><tab>
you get the following results for user john22:
  • Password is unchanged.
  • Real Name is cleared.
  • Phone Number is cleared.
  • Phone Extension is changed to 1234.
  • Fax Number is unchanged.
  • Email is unchanged.
  • Note is unchanged.
This command has the following format:
husrmgr {-b 
name
} {-usr 
username
 -pw 
password
} [-dlm 
symbol
] [-ow [-nn]
 [
-
cf
 
clear_field
]]  [-du] [-cpw] [-rug] [-v] [-prompt] [-i 
inputfile.txt
 |
 
-
di
 
inputfile.txt
] [-eh 
filename
] [-o
 filename
 | -oa 
filename
] [-swl Y|N ] [-ad Y|N ] [-ae Y|N ] [-arg] [-wts] [-h] 
filename
 
  • -b 
    name
    (Required) Specifies the 
    CA Harvest SCM
     broker name.
  • -usr 
    username
    (Required, unless -prompt is specified) Specifies the user name for login to the broker. If -usr is defined without -pw, the user is prompted for the password at runtime.
  • -pw 
    password
    (Required, unless -prompt is specified) Specifies the password for login to the broker. To hide the password from being exposed in plain text on the command line, use the -prompt option.
  • -dlm 
    symbol
    (Optional) Specifies the symbol to use as the delimiter. The default symbol for delimiter is a tab.
  • -ow
    (Optional) Specifies to activate the update user mode that enables administrators to overwrite existing user data. If the -ow option is not specified, existing user data will not change. If the password conflicts with current password policy, an error will occur.
  • -nn
    (Optional) Specifies that user names can be changed. This parameter lets an administrator change the user name of an existing user object to another user name. This parameter must be used in conjunction with overwrite (-ow) mode.
  • -cf 
    clear_field
    (Optional) Defines the literal used in the file format to clear a field's value. You can use this option to change the default literal used to clear a field's value. This option must be used in conjunction with the -ow option.
    When updating user profiles, if a particular field value is provided in the input file, the corresponding field's value in the user profile is replaced with the new one from the file. If no value is provided for a particular field in the input file, the field's value remains unmodified in the user profile.
    When the 
    clear_field
     literal is used as a value in the input file, the corresponding field's value is cleared in the user profile.
    Default:
     [clear]
    The value of the -cf option is case-sensitive.
  • -du
    (Optional) Specifies to activate the delete user mode that enables administrators to delete user data.
  • -cpw
    (Optional) Specifies that all created and updated users must change their password on next login.
  • -swl
    (Optional) Specifies whether the user account is restricted to running multiple 
    CA Harvest SCM
     sessions from 
    CA Harvest SCM
     clients to a single workstation for a given broker. Values for this switch are: Y=Restricted or N=Not Restricted.
    Default:
     Not Restricted
  • -rug
    Specifies the option to remove a user group association for the user.
  • -ad
    (Optional) Specifies to disable a user account. Values for this switch are: Y=Disabled or N=Not Disabled.
  • -ae
    (Optional) Specifies to force all created accounts to be marked as internal or external. Values for this switch are: Y=internal or N=external.
  • -eh 
    filename
    (Optional) Specifies the encrypted 
    CA Harvest SCM
     username-password file name. The file name used with this option contains encrypted username-password credentials and must be generated with the svrenc utility.
husrmgr and Password Authentication
When you are using internal authentication (
CA Harvest SCM
 authentication), all user fields can be edited.
When you are using external authentication, such as Windows Active Directory, only the UserName and Note fields can be edited; no other fields can be edited (Password, RealName, Phone#, Phone Extension, Fax# and Email). Except for Password, the remaining fields which cannot be edited are periodically synchronized from the authentication server.
For more information on authentication data synchronization, see the -authsynchinterval broker argument in Configuring External Authentication in the 
Installing section
.
When you are using external authentication, if any of the following options are provided when importing or overwriting a user, they are ignored. A warning message displays for each option.
  • Password
  • RealName
  • Phone#
  • Phone Extension
  • Fax#
  • Email
  • The -cpw option (change password at next logon)
Import User Mode
When you are using internal authentication (
CA Harvest SCM
 authentication), a user is created only if the User Name provided does not already exist in 
CA Harvest SCM
.
When you are using external authentication, such as Microsoft Active Directory, a user is created only if the User Name provided does not exist in 
CA Harvest SCM
 and it exists in the authentication server. The input file format is:
UserName<tab>Password<tab>RealName<tab>
Phone#<tab>Ext<tab>Fax#<tab>Email<tab>Note<tab>
Usrgrp1<tab>Usrgrp2<tab>Usrgrp3<tab>...
Overwrite User Mode
When you are using internal authentication (
CA Harvest SCM
 authentication), the User Name can be changed only if the new User Name does not already exist in 
CA Harvest SCM
.
When you are using external authentication such as Microsoft Active Directory, the User Name can be changed only if the new User Name does not already exist in 
CA Harvest SCM
 but it does exist on the authentication server.
When the -nn option is used, the input file format is:
CurrentUserName<tab>NewUserName<tab>Password<tab>RealName<tab>
Phone#<tab>Ext<tab>Fax#<tab>Email<tab>Note<tab>
Usrgrp1<tab>Usrgrp2<tab>Usrgrp3<tab>...
When the -nn option is 
not
 used, the input file format is:
UserName<tab>Password<tab>RealName<tab>
Phone#<tab>Ext<tab>Fax#<tab>Email<tab>Note<tab>
Usrgrp1<tab>Usrgrp2<tab>Usrgrp3<tab>...