RBAC: How to Import and Export Users with the Web User Interface

Last updated on February 4, 2021.

Last Reviewed and Approved on PENDING REVIEW

Intended Audience

This document is intended for use by the LSI or developer.

Introduction

The Rapid Provisioning System (RPS) uses a role-based authorization approach called Role-Based Access Control (RBAC) to restrict system access only to authorized users. The way you control access to resources using RPS RBAC is to assign users to roles. This is a key concept to understand – it's how permissions are enforced.

A role assignment consists of two primary elements: Users and Roles. The user is a member of a role. A role is what has the security right assigned to it. The first layer of security is to ensure only people who require access to RPS have user accounts. This article will provide the How-To process for importing and exporting users and their assigned roles to and from RPS.

Assumptions

  1. You have read the Introduction to RBAC article and have a basic understanding of Role-Based Access Control.
  2. You have access to the RPS Graphic User Interface (GUI or UI).
  3. You are assigned to the appropriate role to make the changes you intend to make.
  4. If Importing Users, you have an existing XML file with appropriate data.

RBAC Fundamentals

RBAC Terms and Definitions

  • Role-Based Access Control (RBAC) – an authorization system that provides fine-grained access management of RPS resources.
  • Role – a collection of permissions.
  • User – A logical representation of a person or persona acting as a consumer (of the application). Most users are objects found in Active Directory, however some personas that are treated as users, such as service accounts are users that are not found in Active Directory.

RBAC Concepts

  • RPS uses Windows to perform its authentication but has internal roles for authorization.
  • To add users to RPS the user must be a local or domain account and must be accessible via the system running RPS.
  • Once a user is added they will not have any rights or privileges until they are assigned to a role.
  • If a local or domain account is suspended or deleted, that account will be unable to access RPS.

How to Import a List of Local/Domain Users to RPS

To import a user list XML file:

  1. From any page in RPS, select Admin in the navigation bar.

  2. In the dropdown menu, select Import Security Data. Import User 1 and 2

  3. On the right side, locate 'Import File'. Click the Choose File button. Import User 3

  4. After selecting your file... Import User 4

  5. ...click on Upload. Import User 5

  6. To verify your data has imported, you can select Users from the Admin dropdown navigation bar and validate the imported users are there. Import User 6

How to Export a List of Local/Domain Users to RPS

To export a user list XML file:

  1. From any page in RPS, select Admin in the navigation bar.
  2. In the dropdown menu, select Export Security Data. Export User 1 and 2
  3. Select the Users you would like to export. There are two options to select which users you would like to export.
    • 3a. Select this box to select all users for export.
    • 3b. Select individual users' boxes to export specific users.
  4. (Optional) If you would like to encrypt the user export file, you may use a privately generated certificate and upload it here.
  5. (Optional) If you would like to export the user's role assignments, check this box.

  6. Click Export Selected. Export User 3 thru 6

  7. Save the file.