While UCD provides tools to build and maintain the permissions model it doesn’t give you a ‘single view’ that can be used in workshops and other forums to discuss the operation of the model and the specifics of what permissions are granted to each role.
Often as part of the process of adopting UCD, it is seen as desirable to have the model presented in a documented form for sign-off and also for discussions around future change. It can also be needed for training purposes so that each role in the organization clearly knows what their responsibilities are.
It would also help if there was an easy way to spot anomalies where a permission isn’t granted to any role. This might be an oversight or perhaps intentional, but it would help if these were easy to spot and justify.
UCD has over 160 permissions at the time of writing spread across 18 different categories or object classes. This also changes over time as UCD evolves and more permissions are added / old ones changed in their scope.
So, wouldn’t it be handy if you could just develop the permissions model in UCD itself and then extract what you had set up for documentation and discussion purposes? That way you would only have one place to maintain the model and, in keeping with general best practices, only have a single source of truth – UCD itself!!
What I’m presenting here is a small groovy script that will do just that for you. It will enumerate all the permissions in UCD across the 18 different object classes and include variations in permissions for each resource role or ‘Type’, against all of the UCD roles that you have defined. The output is a tab-separated list which can be easily imported into a spreadsheet for analysis.
The script will also warn you if there are any permissions in your model that aren’t assigned to any role-resource role combination meaning that the UCD operation it represents cannot be performed by anyone.
The tool is executed via a shell script and you will need a copy of the uDeployRestClient.jar file in the same directory. You can find this jar in any of the UCD plugins that provide services to automate UCD itself.
You will also need to setup the environment variables JAVA_HOME pointing at your JRE and also GROOVY_HOME pointing at a groovy installation. (UCD agents have one of these in their opt sub-directory.)
The script takes three parameters, -user, -password and -weburl. You should redirect standard output to a file to receive the extracted permissions information which you will later import into a spreadsheet.