Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
mrvic02
Participant

How to generate CSV or TXT report of the users under user's group

Seeking for assistance on how to generate CSV or TXT report of the list of users under user's group.

Tried below scripts but not works on my lab.

--------------------------

#!/bin/sh
JQ=/opt/CPshrd-R80.40/jq/jq
GROUP_NAME=$1
USERS_FILE="users.json"
USER_FILE="user.json"
USER_NAMES_FILE="$GROUP_NAME.txt"
> $USER_NAMES_FILE
/opt/CPshrd-R80.40/bin/mgmt_cli -r true show generic-objects name $GROUP_NAME details-level full -f json > $USERS_FILE
if [ $? -ne 1 ]; then
USERS_UIDS=($($JQ -r '.objects[] | .emptyFieldName[] | .' $USERS_FILE))
for USER_UID in ${USERS_UIDS[@]}; do
echo 'User UID: '"$USER_UID"
/opt/CPshrd-R80.40/bin/mgmt_cli -r true show generic-object uid $USER_UID -f json > $USER_FILE
if [ $? -ne 1 ]; then
USER_NAME=($($JQ -r '.name' $USER_FILE))
echo 'User Name: '"$USER_NAME"
echo $USER_NAME >> $USER_NAMES_FILE
fi
done
fi

--------------------------------

I'm getting this errors.

The parameters of show-generic-objects command should be provided in pairs (key and value). You have provided an odd number of parameters which suggests that you are probably missing a parameter.

 

 

Note: I'm using R80.40 management server.

0 Kudos
6 Replies
JozkoMrkvicka
Leader
Leader

Why so complicated ?

There is "show user-groups" and "show user-group" APIs which can be used.

If not possible, then try to replace your "show generic-objects" with "show object" (also valid API command).

Kind regards,
Jozko Mrkvicka
0 Kudos
mrvic02
Participant

@JozkoMrkvicka 

Can you please provide the complete command for your suggested api commands?

0 Kudos
PhoneBoy
Admin
Admin

mrvic02
Participant

@PhoneBoy Thanks for providing the link.

0 Kudos
Jonas_Rosenboom
Employee
Employee

The script you listed requires you to provide the group name as the first argument.
See below and replace <GROUP_NAME> with your group.

/home/admin/show_usergroup_members.sh <GROUP_NAME>

 

 If you have API version 1.6.1 or above, you can also use `show-user-group` as suggested:

mgmt_cli -r true show-user-group name '<GROUP_NAME>' -f json| jq -r '.members[] | [.name, .type] | @csv'

 

Be aware that both commands will list all members of the group (including administrators and other user-groups), not just users. For administrators it will show an empty string in the `type` column.

# output from previous command
"admin",""
"api_user",""
"banana","user"
"another_usergroup","user-group"

 

Documentation

API / mgmt_cli https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-user-group~v1.7
jq https://stedolan.github.io/jq/ 
mrvic02
Participant

I will try this one. Thank you.

0 Kudos