AzMan utility project
I have recently worked with the Authorization Manager. The easiest way to interact with AzMan is to use azman.msc, the mmc snapin.
The provided UI is a good starting point but it's missing a lot of features that would be really useful when working on reasonably sized project.
Excel can help by providing a read only view of some of the AzMan store data, but nothing really great.
Fortunately, there is an API that is available. I actually spent most of my time writing my own little tools to do most of the work.
I have just started to compile a list of the features that I would have liked. I will start to write an application that will hopefully help azman users :)
○ Ability to copy store from one place to another
○ Auto assign operation ID
○ Warn when operation ID are identical
○ Provide easy reverse lookup like all users that can access this operation, etc…
○ Identify unreferenced items (e.g. this operation is not used)
○ Copy from one store to another (i.e. xml -> AD). Use filters (only operations, roles, ...)
○ Search in store. Add filters (only operations, tasks, roles, ...)
○ Diff between 2 stores
○ Merge 2 stores
○ Support for custom principals
○ Dump text / html version of the store
○ Display graphical view of the store, or launch azman.msc
○ Generate enums/code for operation/task/roles (c# & vb)
○ Generate script that creates the store
○ Generate Excel matrix (tasks vs. operations, roles vs. tasks, users vs. roles)
Well, I guess that I will have to start by prioritizing theses features :)
The provided UI is a good starting point but it's missing a lot of features that would be really useful when working on reasonably sized project.
Excel can help by providing a read only view of some of the AzMan store data, but nothing really great.
Fortunately, there is an API that is available. I actually spent most of my time writing my own little tools to do most of the work.
I have just started to compile a list of the features that I would have liked. I will start to write an application that will hopefully help azman users :)
○ Ability to copy store from one place to another
○ Auto assign operation ID
○ Warn when operation ID are identical
○ Provide easy reverse lookup like all users that can access this operation, etc…
○ Identify unreferenced items (e.g. this operation is not used)
○ Copy from one store to another (i.e. xml -> AD). Use filters (only operations, roles, ...)
○ Search in store. Add filters (only operations, tasks, roles, ...)
○ Diff between 2 stores
○ Merge 2 stores
○ Support for custom principals
○ Dump text / html version of the store
○ Display graphical view of the store, or launch azman.msc
○ Generate enums/code for operation/task/roles (c# & vb)
○ Generate script that creates the store
○ Generate Excel matrix (tasks vs. operations, roles vs. tasks, users vs. roles)
Well, I guess that I will have to start by prioritizing theses features :)
