Daily report on team/permission

(ge.bai) #1

Hello,

We want to generate a daily report for teams and permissions settings so we can track changes and updates.

Any suggestions on best approach for doing this?

Thanks,

Ge

(ge.bai) #2

I started with PowerShell making API calls.

However, I receive “(401) Unauthorized” when querying user and scopeduserroles, even though I am Octopus Administrator, my API key doesn’t seem to be sufficient.

(Justin Walsh) #3

Hi @gebai

One option here could be querying the Events endpoint for all user-related events within a certain timeframe. What I find particularly useful is modelling the data in the Audit log in the Octopus UI, then recording the relevant API calls for my own scripts.

Here’s a couple of handy examples:

All user-related events within two timestamps
<your server>/api/events?from=<start timestamp>&to=<endtimestamp>&documentTypes=azuresubscription%2Cusernamepassword%2Cazureserviceprincipal&spaces=all&includeSystem=true

All team-related events from the last day
<your_server>/api/events?from=2019-06-13T00%3A00%3A00-04%3A00&to=2019-06-14T00%3A00%3A00-04%3A00&documentTypes=Teams&spaces=all&includeSystem=true

All user role-related events from the last day
<your_server>api/events?from=2019-06-13T00:00:00-04:00&to=2019-06-14T00:00:00-04:00&documentTypes=Teams&spaces=all&includeSystem=true

Hope this helps!

(ge.bai) #4

Hi Justin,

Thanks for the suggestion, we’re already doing this. We have a scheduled job that sends us report about changes happened yesterday.

What I am trying to do now is generating a report (Confluence page eventually) on a daily basis, which shows all existing teams, team members, user roles, and their scopes.

Seems like I should be able to get these information from API. However, I receive “(401) Unauthorized” error on retrieving user info and scoped user roles even with my admin API key.

Is there something I am missing? any suggestions on how to retrieve user info via API calls?

Thanks,

Ge

(Justin Walsh) #5

Hi again Ge,

I just tested the various API calls you mentioned on my local instance and was able to reference them all without a problem. Owing to the fact you’re getting a 401 error, leads me to think that perhaps the API key being used in your script might not be one for an Octopus Administrator?

Just to rule that out, an option you could try is generating a new secondary API key for your Administrator user, just to verify that it does line up with your account with full permissions, and then test with that?

(ge.bai) #6

Hi Justin,

Adding X-Octopus-ApiKey to my request header resolved the problem.

Thanks for looking into this.

This ticket can be closed now.

Best,

Ge

(system) closed #7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.