class Ucert::JpmAccessTracker
Class to handle Jpm for BE user account IDs
Attributes
file_jpm_user_map[RW]
Class constant variables
jpm_2_ad_user[R]
jpm_user_entitlement[R]
jpm_user_group_entitlement[R]
jpm_user_group_entitlement_report[RW]
Class constant variables
jpm_user_status_report[RW]
Class constant variables
verbose[RW]
Class constant variables
Public Class Methods
new(params ={})
Instance default variables
# File lib/ucert/jpm_access_tracker.rb, line 19
# Set up the tracker: remember the verbosity flag, fix the locations of the
# report and map files relative to this source file, load them, resolve an AD
# DN for every user record, then write the user map back to the cache file.
#
# params - option hash; only :verbose (default false) is read here.
#
# NOTE(review): the files under data/jpm_access carry user names, contact
# details, employee IDs and entitlements (see the columns emitted by
# print_user_entitlement). Presumably they should be readable only by the
# account running this tool and kept out of version control - confirm.
def initialize(params = {})
  @verbose = params.fetch(:verbose, false)
  here = File.dirname(__FILE__)

  # How the user entitlement report is produced on www.jpmorganaccess.com:
  #   1. Log on, then go to "Administration" -> "Reports".
  #   2. Select "Entitlements Report" -> "Custom".
  #   3. In the Customization window set "Report Layout" to "Summary + Details"
  #      and "Output" to "Pipe Delimited".
  #   4. Under "Report Criteria" choose "All Users" for "Select Users/Groups".
  #   5. Under "Additional Criteria" tick both "Active" and "Inactive" for
  #      "User Status"; choose "All Products", "All Functions" and
  #      "All Accounts" for the Products, Functions and
  #      "Accounts / Account Groups" fields.
  #   6. Press "Run" to generate the report.
  @jpm_user_entitlement_report = here + "/../../data/jpm_access/jpm_user_entitlements_details.txt"

  # The group report is generated the same way with "User Group" selected
  # instead of "User". As of 01/05/2015 the Group function is not used on the
  # CMBNY account, so this is a stub for a future implementation and points at
  # the same file as the user report.
  @jpm_user_group_entitlement_report = here + "/../../data/jpm_access/jpm_user_entitlements_details.txt"

  # JPM Access user ID to AD user map (local cache file).
  @file_jpm_user_map = here + "/../../data/jpm_access/jpm_access_user_map.txt"

  # Order matters from here on: the map and the parsed report must exist
  # before insert_dn runs, and save! persists what insert_dn resolved.
  @jpm_2_ad_user = load_known_user_map_from_file(@file_jpm_user_map)
  @jpm_user_entitlement = parse_jpm_user_entitlement_report(@jpm_user_entitlement_report)
  @jpm_user_group_entitlement = parse_jpm_user_group_entitlement_report(@jpm_user_group_entitlement_report)

  # Add the 'DN' foreign key to every record in @jpm_user_entitlement.
  insert_dn
  # Write the user map back to the local cache file.
  save!
end
Public Instance Methods
dn_2_index(dn)
Retrieve the user index from the @jpm_user_entitlement data structure
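# File lib/ucert/jpm_access_tracker.rb, line 100
# Find the index under which the record with the given AD DN is stored in
# @jpm_user_entitlement.
#
# dn - the AD distinguished name to look for.
#
# Returns the index of the first record whose 'DN' equals dn, or nil when no
# record matches. The earlier version fell through to the value of the
# enclosing map call on a miss - an array of nils, which is truthy - so a
# caller testing the result could take "not found" for a hit.
# If the lookup raises (for example because the entitlement table was never
# loaded) the error is printed and nil is returned.
def dn_2_index(dn)
  @jpm_user_entitlement.each do |index, record|
    return index if record["DN"] == dn
  end
  nil
rescue => ee
  puts "Exception on method #{__method__}: #{ee}"
end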
jpm_search_by_dn(dn)
Search user entitlement record by AD DN
# File lib/ucert/jpm_access_tracker.rb, line 190
# Return the user entitlement record whose 'DN' field is the given AD DN.
#
# dn - the AD distinguished name to match (compared with eql?, so the match
#      is exact and case-sensitive).
#
# Returns the first matching record, or nil when none matches. Any error
# raised during the scan is printed and nil is returned.
def jpm_search_by_dn(dn)
  puts "Perform search on the user entitlement records by AD DN: #{dn}" if @verbose
  hit = @jpm_user_entitlement.find { |_index, entry| entry['DN'].eql?(dn) }
  hit ? hit.last : nil
rescue => ee
  puts "Exception on method #{__method__}: #{ee}"
end
Also aliased as: search_by_dn
Private Instance Methods
insert_dn()
Procedure to add the additional field 'dn' into the @jpm_user_entitlement data structure, by performing the AD search
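# File lib/ucert/jpm_access_tracker.rb, line 111
# Add a 'DN' field to every record in @jpm_user_entitlement.
#
# Resolution order for each record:
#   1. the cached map @jpm_2_ad_user, keyed by the upper-cased 'User ID'
#      (a cached DN that the AD tracker no longer knows goes through update_dn);
#   2. otherwise AD text searches, in turn, on 'Email', 'User ID',
#      first name + last name (concatenated without a separator) and
#      'Employee ID'; the first search that returns a DN wins.
# A record nothing resolves gets 'DN' => nil.
#
# Changes from the earlier version:
#   * a record without a 'User ID' no longer raises on nil.upcase and ends the
#     pass for every record after it; it skips the cache and goes to the
#     text searches;
#   * blank search keys are skipped. An empty report field arrives as "" and
#     used to be handed to the AD search as the query.
#
# NOTE(review): the text searches identify a person from one free-text key
# and the result is later written to the cache by save!, so a wrong match
# would persist across runs. What ad_search_by_text returns for an ambiguous
# query is not visible here - confirm, and consider reviewing newly added
# mappings.
#
# Returns nil. Errors are printed and end the pass.
def insert_dn
  tracker = Ucert::AdTracker.new(:verbose=>false)
  @jpm_user_entitlement.each do |index, record|
    puts "\n\nPerform DN lookup for record: #{record}" if @verbose

    full_name = nil
    if record['User First Name'] && record['User Last Name']
      full_name = record['User First Name'] + record['User Last Name']
    end
    # [ordinal, wording for the previous step, search text] - the first two
    # only feed the verbose trace.
    fallbacks = [
      ["2nd", "1st one", record['Email']],
      ["3rd", "last", record['User ID']],
      ["4th", "last", full_name],
      ["5th", "last", record['Employee ID']]
    ]

    my_key = record['User ID'].to_s.upcase
    puts "Perform 1st order search from the local cache: #{my_key}" if @verbose
    dn = nil
    if !my_key.empty? && @jpm_2_ad_user.key?(my_key)
      dn = @jpm_2_ad_user[my_key]
      # The cached DN may be stale; let update_dn refresh it when AD no
      # longer lists it.
      dn = update_dn(tracker, dn) unless tracker.ad_person_records.key?(dn)
      puts "Found in the local cache file: #{dn}" if @verbose
    else
      fallbacks.each do |ordinal, previous, text|
        break unless dn.nil?
        next if text.nil? || text.to_s.strip.empty?
        puts "Perform #{ordinal} order search only if the #{previous} fail, by using: #{text}" if @verbose
        dn = tracker.ad_search_by_text(text, "person")
      end
    end
    @jpm_user_entitlement[index]['DN'] = dn
  end
  nil
rescue => ee
  puts "Exception on method #{__method__}: #{ee}"
end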
parse_jpm_user_entitlement_report(file)
Parsing the Jpm Access user entitlement report in text format
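# File lib/ucert/jpm_access_tracker.rb, line 46
# Parse the pipe-delimited JPM Access user entitlement report.
#
# file - path of the report. The first line is taken as the column header.
#
# Each data line is split on '|' and paired with the header. Columns 0..26
# become the user record and columns 27..80 one "right"; columns past 80 are
# dropped. (Presumably these positions follow the vendor's report layout -
# confirm when the layout changes.) Consecutive lines with the same 'User ID'
# are folded into one record whose "Rights" array collects their rights.
#
# Returns a Hash of 1-based user index => record, or nil after printing the
# error when the file cannot be read or parsed.
#
# Changes from the earlier version: the file handle is closed when parsing
# ends or fails (it used to be dropped without a close), and blank lines are
# skipped instead of becoming a user record with no 'User ID'.
def parse_jpm_user_entitlement_report(file)
  puts "Parse the user entitlement detail report: #{file}" if @verbose
  jpm_user_entitlement = {}
  user_index = 1
  header = []
  File.open(file, 'r') do |doc|
    doc.each_with_index do |line, line_no|
      if line_no.zero?
        header = line.chomp.split('|')
        puts "JPM Access User Entitlement Header:\n #{header}" if @verbose
        next # the header carries no user data
      end
      next if line.strip.empty?

      pairs = header.zip(line.chomp.split('|'))
      record_h = Hash[pairs[0..26]]
      right_h = Hash[pairs[27..80]]
      puts "Adding JPM Entitlement Record: #{record_h}" if @verbose

      current = jpm_user_entitlement[user_index]
      if current
        puts "Checking record User_ID field match: #{current['User ID']}, #{record_h['User ID']}" if @verbose
        if current["User ID"] == record_h["User ID"]
          # Same user as the previous line: only the right is new.
          current["Rights"].push(right_h)
        else
          user_index += 1
          record_h["Rights"] = [right_h]
          jpm_user_entitlement[user_index] = record_h
          puts "Processing user record number: #{user_index}" if @verbose
        end
      else
        # First data line of the report.
        record_h["Rights"] = [right_h]
        jpm_user_entitlement[user_index] = record_h
      end
    end
  end
  jpm_user_entitlement
rescue => ee
  puts "Exception on method #{__method__}: #{ee}"
end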
parse_jpm_user_group_entitlement_report(file)
Parsing the Jpm Access user group entitlement report in text format - TBD as currently this feature is not in use
# File lib/ucert/jpm_access_tracker.rb, line 91
# Placeholder for parsing the JPM Access user group entitlement report.
# The feature is not in use yet, so the file argument is accepted and ignored.
#
# Returns nil.
def parse_jpm_user_group_entitlement_report(file)
  nil
end
print_user_entitlement()
Print out the user entitlement table in plain text, to be imported into database
# File lib/ucert/jpm_access_tracker.rb, line 156
# Write the user entitlement table to standard output as pipe-delimited
# text, one line per user record, for import into a database.
#
# The title and the column header line are printed only when @verbose is
# set; the data lines are always printed. A missing field prints as an empty
# column and 'Rights' prints in its inspect form.
#
# NOTE(review): the output carries names, e-mail and postal addresses, phone
# numbers, employee IDs and entitlements, so wherever it is redirected should
# be treated as sensitive. Field values are written as-is; a value holding a
# '|' would presumably shift the columns on import - confirm.
#
# Any error raised while printing is reported and ends the listing.
def print_user_entitlement
  columns = [
    'User First Name', 'User Middle Initial', 'User Last Name', 'Job Title',
    'User ID', 'Logon Type', 'Employee ID', 'User Status', 'Email',
    'Address Line 1', 'Address Line 2', 'City', 'State/Province/Region',
    'Zip/Postal Code', 'Country',
    'Phone 1', 'Phone 1 Extension', 'Phone 1 Type',
    'Phone 2', 'Phone 2 Extension', 'Phone 2 Type',
    'Phone 3', 'Phone 3 Extension', 'Phone 3 Type',
    'Last Logon Date', 'Last Modified Date', 'Last Modified By',
    'Rights', 'DN'
  ]
  puts "user Entitlement Report in Plain-text Format" if @verbose
  puts columns.join('|') if @verbose
  @jpm_user_entitlement.values.map do |rec|
    # to_s per field keeps nested arrays from being flattened by join.
    puts columns.map { |name| rec[name].to_s }.join('|')
  end
rescue => ee
  puts "Exception on method #{__method__}: #{ee}"
end
Also aliased as: print_user
save_jpm_user_map!(file=@file_jpm_user_map)
Save the Prime to AD user mapping relation into the cache file
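# File lib/ucert/jpm_access_tracker.rb, line 170
# Write the user ID to AD DN mapping held in @jpm_user_entitlement to the
# cache file: a '#' header line, then one "USERID|DN" line per record with
# the user ID upper-cased.
#
# file - path of the map file (defaults to @file_jpm_user_map). It is
#        rewritten in place.
#
# Changes from the earlier version:
#   * the lines are built before the file is opened, so a failure while
#     reading the records (for example when the report never parsed) no
#     longer leaves the existing cache truncated;
#   * the file is opened in block form, so the handle is closed on error too;
#   * records without a 'User ID' are skipped instead of raising mid-write;
#   * a failure is reported even when @verbose is off, as the other methods
#     of this class do - a silently unsaved map is hard to notice.
#
# NOTE(review): the messages say "Prime" and "Securitites"; they look copied
# from another tracker - confirm the intended wording before changing them.
#
# Returns nil.
def save_jpm_user_map!(file=@file_jpm_user_map)
  puts "Saving the known Prime to AD user mapping relationship to file: #{file} ..." if @verbose
  begin
    timestamp = Time.now
    rows = []
    @jpm_user_entitlement.values.each do |record|
      key = record['User ID'].to_s.upcase
      next if key.empty?
      rows << "\n#{key}|#{record['DN']}"
    end
    File.open(file, 'w') do |f|
      f.write "# local Jpm for Securitites to AD user map file created by the #{self.class} class #{__method__} method at: #{timestamp}"
      rows.each { |row| f.write row }
    end
    puts "Jpm Securitites to AD user map file is successfully saved to: #{file}" if @verbose
  rescue => ee
    puts "Exception on method #{__method__}: #{ee}"
  end
  nil
end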
Also aliased as: save!