Security Audit

agodfrey · 23 August 2016 18:53

I found this post which is a bit incomplete:
http://help.octopusdeploy.com/discussions/questions/8730-how-to-produce-a-security-audit-of-roles-and-access

I am not a java developer, so was looking at a way to do this with either sql or the API. This user is right in that doing the sql queries is difficult, the arrays make it difficult to see the friendly names. Is there a way to use the API to cycle through the “test permissions” tool so that I can get that information for every octopus user?

Dalmiro · 24 August 2016 16:36

Hi,

Thanks for reaching out.

You can get all user IDs from api/users/all and then use that api to get the permissions of each using /api/users/[User Id]/permissions

Hope that helps!
Dalmiro

agodfrey · 24 August 2016 16:54

Yes I understand, but this is going to take some time, and my scripting abilities are not up to task to get this done in a quick turnover. Since we are a customer can we please get some assistance in writing the script?

Dalmiro · 24 August 2016 17:13

Hi,

We do not write custom scripts like that, but I can definitely give you a hand to start with it.

The below script will get all users, then get the permission for each user and save it into the $Permissions collection. It’ll be up to you or someone in your team proficient with Powershell to format the data in the way your current system expects.

$OctopusAPIkey = "" #Your Octopus API Key
$OctopusURL = "" #Your Octopus portal base URL
$header = @{ "X-Octopus-ApiKey" = $octopusAPIKey }

#Getting all users from API
$AllUsers = (Invoke-WebRequest "$OctopusURL/api/users/all" -Method Get -Headers $header).content | ConvertFrom-Json

$Permissions = @()

#Gathering permissions of all users into the $Permissions collection
foreach($user in $AllUsers){

    $permissions += (Invoke-WebRequest $OctopusURL/api/users/$($user.id)/permissions -Method Get -Headers $header).content | ConvertFrom-Json

}

<#
$Permissions will hold 1 object per user. Each object will have a "Permissions" member which holds all the permissions that a user has. 

You can work with this $permissions collection to build your report. I recommend trying to create a CSV spreadsheet out of this using convertto-csv
#>

Best regards,
Dalmiro

agodfrey · 24 August 2016 17:14

Thanks for the head-start!