icon-arrow icon-check icon-mail icon-phone icon-facebook icon-linkedin icon-youtube icon-twitter icon-cheveron icon-download icon-instagram play close icon-arrow-uturn icon-calendar icon-clock icon-search icon-chevron-process icon-skills icon-knowledge icon-kite icon-education icon-languages icon-tools icon-experience icon-coffee-cup
Werken bij Whitehorses
Blog 22/06/2022

Remove roles from Oracle BPM using WLST scripting

blog

Whitehorses
Michel van Zoest /
Integratiespecialist

During the past 8 years, our team has created several Oracle ACM Cases, supported by BPM Processes. For these cases and processes, numerous roles have been created to allow fine-grained access to user-groups, both small and large.

After all this time, the requirement came up to remove one of those cases, its corresponding processes and all related roles.

Removing those roles using the GUI in the Oracle BPM Workspace or Enterprise Manager can be a cumbersome task. We calculated that in this instance it would take one person several days to remove them all by hand.
So, in comes scripting!

Oracle offers the Weblogic Scripting Tool (or WLST for short) to run such a script.
On their website you can find several pieces of documentation, describing how to use WLST. For working with BPM roles, this document is relevant: https://docs.oracle.com/cd/E52734_01/oam/STIAM/policy_cred_wlst.htm#STIAM13035
But lo and behold! Exactly the command we need, namely deleteAppRole is not documented.

Luckily, with a bit of logical thinking, the correct syntax is not complicated.

To run the script, a few steps have to be followed.

First, using your favorite tool, connect to the weblogic server terminal.

Then run the following commands to start the WLS console.

sudo su - oracle
cd /app/middleware/weblogic/installation/oracle_common/common/bin
./wlst.sh

 

And finally connect to the Weblogic t3 server using the following command (replace the parts with <> for your own situation).

connect('<weblogic_user>','<weblogic password>','t3://<bpm_server>:<port>')

 

You are now able to run the deleteAppRole commands. You can choose to do them one by one, or all of them at once.

The syntax is quite straightforward. Add values for the parameters AppStripe and AppRoleName, and that's it.


Here are few examples.

deleteAppRole(appStripe="OracleBPMProcessRolesApp", appRoleName="CompanyCase_1.0.Administrator")
deleteAppRole(appStripe="OracleBPMProcessRolesApp", appRoleName="PaymentProcess_2.0.Accountant")
deleteAppRole(appStripe="OracleBPMProcessRolesApp", appRoleName="PaymentProcess_2.0.Auditor")

 

After running these commands, you can check in BPM Workspace or Enterprise Manager if the roles have been deleted.

Geen reacties

Geef jouw mening

Reactie plaatsen

Reactie toevoegen

Jouw e-mailadres wordt niet openbaar gemaakt.

Geen HTML

  • Geen HTML toegestaan.
  • Regels en alinea's worden automatisch gesplitst.
  • Web- en e-mailadressen worden automatisch naar links omgezet.
Whitehorses
Michel van Zoest /
Integratiespecialist

Wil je deel uitmaken van een groep gedreven en ambitieuze integratiespecialisten? Stuur ons jouw cv!