There are various approaches for populating ArcGIS Server's built-in security store using the ArcGIS REST API. This particular script creates users and roles using two text files: one containing a list of users and the other containing a list of roles. With this script it's possible to assign a single user to multiple roles.
The input file containing the roles should be structured like this:
#Role|Description|Privilege
admins|Server Administrators|ADMINISTER
publishers|Service Publishers|PUBLISH
rangers|Park rangers|ACCESS
volunteers|Volunteer staff|ACCESS
visitors|Visitors|ACCESS
- Role—A name for the role.
- Description—A user-friendly description for the role.
- Privilege—The ArcGIS Server role type that determines the level of privilege held by the role. There are three levels of privilege: ADMINISTER|PUBLISH|ACCESS. See Restricting access to ArcGIS Server to learn about these.
The input file containing the users should be structured like this:
#User|Password|EMail|FullName|Description|RolesThatTheUserBelongsTo
John|changeme|[email protected]|John Doe|Server admin|admins
Jane|changeme|[email protected]|Jane Doe|Server publisher|publishers,rangers
Amy|changeme|[email protected]|Amy Doe|Summer intern|volunteers
Bob|changeme|[email protected]|Bob Doe|Park visitor|visitors
- User—The name for the user
- Password—The password for the user
- EMail—The e-mail address for the user
- FullName—The full name or detailed name of the user
- Description—A description of the user
- RolesThatTheUserBelongsTo—A comma-delimited list of roles to which the user should be assigned
You can modify the script code to expect a different property set or set some of the above properties by default.
Below is the script body:
import json
import urllib,httplib
import sys
import getpass
import codecs
def main(argv=None):
# Ask for admin user name and password
username = raw_input("Enter user name: ")
password = getpass.getpass("Enter password: ")
# Ask for server name and the port
serverName = raw_input("Enter server name: ")
serverPort = raw_input("Enter server port: ")
# Get a token and connect
token = getToken(username, password, serverName, serverPort)
if token == "":
sys.exit(1)
# Input file that contains the role information
rolesFile = raw_input("Path to pipe-delimited text file containing roles: ")
# Input file that contains the user information
usersFile = raw_input("Path to pipe-delimited text file containing users: ")
# Dictionaries to store user and role information
roles = {}
rolePrivileges = {}
users = {}
userRoles = {}
# Loop through the roles file and create the roles
# Add the user information to a dictionary
num = 0
for roleRow in readlinesFromInputFile(rolesFile):
roles["role" + str(num)] = {"rolename":roleRow[0],"description":roleRow[1]}
rolePrivileges["rolePrivilege" + str(num)] = {"rolename":roleRow[0], "privilege":roleRow[2]}
num +=1
# Read the user's file
num = 0
for userRow in readlinesFromInputFile(usersFile):
# Add the user information to a dictionary
users["user" + str(num)] = {"username":userRow[0],"password":userRow[1],"email":userRow[2], "fullname":userRow[3],"description":userRow[4].rstrip()}
userRoles["userRole"+str(num)] = {"username" : userRow[0],"roles":userRow[5]}
num +=1
# Call helper functions to add users and roles
addRoles(roles,serverName, serverPort,token)
assignPrivilegeToRole(rolePrivileges, serverName, serverPort, token)
addUsers(users,serverName, serverPort,token)
addUsersToRoles(userRoles, serverName, serverPort, token)
# A function that reads lines from the input file
def readlinesFromInputFile(filename, delim='|'):
file = codecs.open(filename,'r','utf-8-sig')
for line in file.readlines():
# Remove the trailing whitespaces and the newline characters
line = line.rstrip()
if line.startswith('#') or len(line) == 0:
pass # Skip the lines that contain # at the beginning or any empty lines
else:
# Split the current line into list
yield line.split(delim)
file.close()
# A function that will post HTTP POST request to the server
def postToServer(serverName, serverPort, url, params):
httpConn = httplib.HTTPConnection(serverName, serverPort)
headers = {"Content-type": "application/x-www-form-urlencoded", "Accept": "text/plain"}
# URL encode the resource URL
url = urllib.quote(url.encode('utf-8'))
# Build the connection to add the roles to the server
httpConn.request("POST", url, params, headers)
response = httpConn.getresponse()
data = response.read()
httpConn.close()
return (response, data)
# Helper function that adds the roles
def addRoles(roleDict, serverName, serverPort, token):
for roleToAdd in roleDict:
role = roleDict[roleToAdd]
print "Adding the role: " + role['rolename']
# URL for adding a role
addroleURL = "/arcgis/admin/security/roles/add"
params = urllib.urlencode({'token':token,'f':'json','rolename':role['rolename'],'description':role['description']})
response, data = postToServer(serverName, serverPort, addroleURL, params)
if (response.status != 200 or not assertJsonSuccess(data)):
print "Error adding the role: " + role['rolename']
print str(data)
else:
print "Added the role '" + role['rolename'] + "' successfully"
# Helper function that assigns privileges to roles
def assignPrivilegeToRole(privileges, serverName, serverPort, token):
for privilegeToAssign in privileges:
privilege = privileges[privilegeToAssign]
# URL for assigning a privilege to a role
assignPrivilegeURL = "/arcgis/admin/security/roles/assignPrivilege"
params = urllib.urlencode({'token':token,'f':'json','rolename':privilege['rolename'],'privilege':privilege['privilege']})
response, data = postToServer(serverName, serverPort, assignPrivilegeURL, params)
if (response.status != 200 or not assertJsonSuccess(data)):
print "Could not assign the privilege '" + privilege['privilege'] + "' to the role '" + privilege['rolename'] + "'"
print str(data)
else:
print "Assigned the privilege '" + privilege['privilege'] + "' to the role '" + privilege['rolename'] + "' successfully"
# Helper function that adds the users
def addUsers(userDict,serverName, serverPort, token):
for userAdd in userDict:
user = userDict[userAdd]
print "Adding the user:" + user['username']
# URL for adding a user
addUserURL = "/arcgis/admin/security/users/add"
params = urllib.urlencode({'token':token,'f':'json','username':user['username'],'password':user['password'],'fullname':user['fullname'],'description':user['description'],'email':user['email']})
response, data = postToServer(serverName, serverPort, addUserURL, params)
if (response.status != 200 or not assertJsonSuccess(data)):
print "Error adding user: " + user['username']
print str(data)
else:
print "Added the user '" + user['username'] + "' successfully"
# Helper function that adds users to roles
def addUsersToRoles(userRoleDict,serverName, serverPort, token):
for userAdd in userRoleDict:
userRole = userRoleDict[userAdd]
print "Adding the user '" + userRole['username'] + "' to the role(s) '" + userRole['roles'] + "'"
addUserToRolesURL = "/arcgis/admin/security/users/assignRoles"
params = urllib.urlencode({'token':token,'f':'json',"userName":userRole['username'],"roles":userRole['roles']})
response, data = postToServer(serverName, serverPort, addUserToRolesURL, params)
if (response.status != 200 or not assertJsonSuccess(data)):
print "Could not add user '" + userRole['username'] + "' to the role(s) '" + userRole['roles'] + "'"
print str(data)
else:
print "Added the user '" + userRole['username'] + "' to the role(s) '" + userRole['roles'] + "' successfully"
def getToken(username, password, serverName, serverPort):
httpConn = httplib.HTTPConnection(serverName, serverPort)
tokenURL = "/arcgis/admin/generateToken"
params = urllib.urlencode({'username': username, 'password': password,'client': 'requestip', 'f': 'json'})
response, data = postToServer(serverName, serverPort, tokenURL, params)
if (response.status != 200 or not assertJsonSuccess(data)):
print "Error while fetching tokens from admin URL. Please check if the server is running and ensure that the username/password provided are correct"
print str(data)
return
else:
# Extract the token from it
token = json.loads(data)
return token['token']
# A function that checks that the JSON response received from the server does not contain an error
def assertJsonSuccess(data):
obj = json.loads(data)
if 'status' in obj and obj['status'] == "error":
return False
else:
return True
# Script start
if __name__ == "__main__":
sys.exit(main(sys.argv[1:]))