How to audit user accounts in Spectrum

Article ID: 191632


Products

CA Spectrum, CA eHealth

Issue/Introduction

I have a request for a list of all users with admin level rights.
How would we go about doing this in Spectrum?

Environment

Release : 10.3

Component : Spectrum Core / SpectroSERVER

Resolution

When we create admin users in Spectrum, the user model itself is of the "user" model type.

A user's roles are determined by the "UserRole" model types that are associated with that user ID.

There is also the "issuperuser" attribute ID on the user model itself.

So there are two things that should be done:

1. Create a search on users that have "isSuperUser" set to "Yes".

2. Create a CLI script that periodically runs and outputs any user that has the UserRole of "Administrator" associated with it.

Example:



-bash-4.2$ ./show models | grep -i spectrum
0x1002877 spectrum 0x10372 TroubleShooter
0x1001262 spectrum1(Active) 0x10004 User
0x1000062 spectrum(Active) 0x10004 User
0x10029b4 spectrum 0x6730010 SDN_Tenant
0x1002897 spectrum 0x6730010 SDN_Tenant
0x1001263 User-spectrum1-5e878c1f-00cf-100 0x10475 AccessGroup


-bash-4.2$ ./show associations mh=0x1000062
LMHandle LMName Relation RMHandle RMName
0x1000006 Repair Can_Assign 0x1000062 spectrum
0x100000a NotInAnyGroup Has_Member 0x1000062 spectrum
0x1000013 Service Manager UserRole 0x1000062 spectrum
0x1000016 Administrator UserRole 0x1000062 spectrum
0x1000017 Operator UserRole 0x1000062 spectrum


You can see that the "spectrum" user has the "Administrator" role associated with it.

An easier way would be to show associations against the UserRole model itself:

-bash-4.2$ ./show associations mh=0x1000016
LMHandle LMName Relation RMHandle RMName
0x1000016 Administrator UserRole 0x1000062 spectrum
0x1000016 Administrator UserRole 0x1001262 spectrum1
0x1000015 LicenseRoleManager ProvidesLicenseRole 0x1000016 Administrator


That list shows all users associated with that model handle: each row with the UserRole relation is a user that holds the Administrator role.
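
A sketch of the periodic CLI script from step 2, added here as an example and not taken from the vendor: it parses the `show associations` output shown above, keeps only the UserRole rows for the Administrator handle, and reports any member missing from an approved list. The `--live` switch, the baseline file, the script name and the function names are assumptions for illustration; 0x1000016 is the handle from this article's output and will differ per installation.

```bash
#!/usr/bin/env bash
# Added example, not vendor code. Audits who holds the Administrator UserRole.
# ROLE_MH is the handle from the article's output; find your own with ./show models.
ROLE_MH="${ROLE_MH:-0x1000016}"

# stdin: `show associations` output. stdout: "RMHandle RMName" for every
# UserRole row whose left-hand model is handle $1. The Relation column is
# located by value because LMName may contain spaces (e.g. "Service Manager").
role_members() {
  awk -v mh="$1" '
    ($1 "") == (mh "") {
      for (i = 2; i < NF; i++) if ($i == "UserRole") {
        name = $(i + 2)
        for (j = i + 3; j <= NF; j++) name = name " " $j
        print $(i + 1), name
        break
      }
    }'
}

# $1: file of approved admin user names, one per line (hypothetical baseline).
# stdin: role_members output. stdout: members that are not in the baseline.
unapproved_admins() {
  awk -v base="$1" '
    BEGIN { while ((getline line < base) > 0) ok[line] = 1 }
    { name = $0; sub(/^[^ ]+ /, "", name); if (!(name in ok)) print }'
}

# Constructed sample: rows taken from the article's two listings, merged.
sample_output() {
  cat <<'EOF'
LMHandle LMName Relation RMHandle RMName
0x1000013 Service Manager UserRole 0x1000062 spectrum
0x1000016 Administrator UserRole 0x1000062 spectrum
0x1000016 Administrator UserRole 0x1001262 spectrum1
0x1000015 LicenseRoleManager ProvidesLicenseRole 0x1000016 Administrator
EOF
}

# Live use: run from the directory holding ./show, with a CLI session open:
#   audit_admins.sh --live /path/to/approved_admins.txt
if [ "${1:-}" = "--live" ]; then
  ./show associations mh="$ROLE_MH" | role_members "$ROLE_MH" | unapproved_admins "$2"
else
  sample_output | role_members "$ROLE_MH"
fi
```

Scheduled from cron, empty output from the `--live` run means every Administrator member is on the approved list; any printed line is an account to review.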