For example, in our scenario (we are talking about a RPA program with more than 30 complex automations), we have credentials that expire if you don't login with those credentials for a certain period of time.
On the other hand, because of, every time we provision a new process, we have to add to credential manager, all the credential needed by the process itself (call this value x) for all the machines involved (call this value y), it's easy to understand that the process of provisioning and keeping credentials alive led me to a new limit: BP does not provide anything to create credentials, so SQL is out ally.
So the key is to launch someway (ODBC or whatever) this custom SQL store procedure from BP.
The result will be a credentials with all roles, with permissions on all processes and resource PCs and with a void password.
Please note that void is 3uDCB67zyUqBsHym7o635w==:JM6brcdYVFsZhbEKISRtaQ== for BP since because the value is encoded and may vary depending on Encryption Scheme so make sure you already check what is the null password value on your farm.
Add credentials script
USE [BluePrism]
GO
/****** Object: StoredProcedure [dbo].[BPAddUser] Script Date: 04/10/2018 14:45:30 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[BPAddUser]
@userLogin nvarchar(128)
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;
-- Insert statements for procedure here
BEGIN
if not exists (select * from BPACredentials where login = @userLogin AND name = @userlogin)
BEGIN
declare @newid uniqueidentifier = NEWID();
INSERT INTO [dbo].[BPACredentials]
([id],[name],[description],[login],[password],[expirydate],[invalid],[encryptid])
VALUES
(@newid,@userLogin,'Created by script',@userLogin,'3uDCB67zyUqBsHym7o635w==:JM6brcdYVFsZhbEKISRtaQ==',NULL,0,1)
INSERT INTO [dbo].[BPACredentialRole]
([credentialid],[userroleid])
VALUES
(@newid, NULL)
INSERT INTO [dbo].[BPACredentialsProcesses]
([credentialid],[processid])
VALUES
(@newid, NULL)
INSERT INTO [dbo].[BPACredentialsResources]
([credentialid],[resourceid])
VALUES
(@newid, NULL)
END
Else
BEGIN
DECLARE @credentialId uniqueidentifier;
select @credentialId = id from BPACredentials where login = @userLogin AND name = @userlogin;
-- Create or overwrite
if not exists (select * from BPACredentialRole where credentialid = @credentialId)
INSERT INTO BPACredentialRole([credentialid],[userroleid]) values (@credentialId, NULL)
else
update BPACredentialRole set userroleid = NULL where credentialid = @credentialId
-- Create or overwrite
if not exists (select * from BPACredentialsProcesses where credentialid = @credentialId)
INSERT INTO BPACredentialsProcesses([credentialid],[processid]) values (@credentialId, NULL)
else
update BPACredentialsProcesses set processid = NULL where credentialid = @credentialId
-- Create or overwrite
if not exists (select * from BPACredentialsResources where credentialid = @credentialId)
INSERT INTO BPACredentialsResources([credentialid],[resourceid]) values (@credentialId, NULL)
else
update BPACredentialsResources set resourceid = NULL where credentialid = @credentialId
END
END
END
It's very useful. But, our DBAs are not sharing DB details to run this query against it. Any code stage can be really helpful. I know it have to connect to DB again, but checking if there is another way. Still not sure why BP didn't provide that feature and delete credential feature.
ReplyDelete