Mass update of users in LSF9 - still using LAUA security

Using LS Admin, you can mass-assign/map their RMId to use a common identity (e.g. essuser) that has the SELF_SERV class.
That way you don't have to also create 2,500 OS users, right?

Thanks John, but all of my users have unique domain user IDs that we have already migrated to ADAM. (Besides, isn't there a limitation of 1,000 users to a common identity? I could be wrong....)

So what I really need to do is update what I have. I think trying to do a mass update in GEN is not gonna happen and we are going to be forced to update those records manually (ugh!).

However, I think I should be able to generate an XML file for use with the 'loadusers' command that will allow me to update all of the RM records in ADAM. What I need to figure out now is how to automate the generation of the XML file, specifying the correct PortalRole file to use for each RM ID.

The 1000 user limit per common identity is there, so if you wanted to do it this way, you could use two or three common identities to assign to 2000 to 3000 users, respectively. A little tricky, but that's just one way you could do it.

Question: are these ESS users already in Security Administrator and can you see them there? Do they already have an identity to ESS service??

You could build a template of the XML file you need to load the RM records, with the ssoconfig tool. Then with that template, build the exact XML file you need for your company. Then, build a perl script which takes a list of your users you want to assign the PortalRole file, and then creates a XML record in an XML file for each user. Then, you load this file using loadusers. You should check the "Lawson Administration 9.0 - Resources and Security" for the background on this if you don't already know. Try this process out on one user before doing the whole thing. The other option is I think you can in Security Admin, or RM, mass assign a PortalRole attribute to multiple users. I may be wrong, but check it out and try.

Thanks Roger,

To answer your question, yes, all of my 2,700 self-service users are already in the Lawson Security Administrator, each having an RM record and the necessary identities.

I checked the mass assignment menu in Resource Manager and it looks like the "PortalRole" is not an option; at least it doesn't appear to be since I don't see it in the list of attributes I can use.

So it looks like I'll have to use an XML file to do the mass update of all the RM records but still have to go through a manual update of all the user records in LAUA.

I forgot that I could use the SSO utility to generate an XML file to use as a starting point.  Time to hit the books (again) and see what the whole process entails.

You can use RM Administrator to mass assign portalrole to all users.

1) go into RM admin > tools > mass assignment
2) left window highlight, people, then right side click basic tab, click yes to confirm change object definition, then click advance tab
3) define citeria as ID = * (all users) then add
4) put checkmark in portalrole below and double click the value box to enter yourcustom.xml

start the mass assignment by the green triangle play button.

Thanks Jimmy! That worked great. Now to get to work in LAUA.

I'm aware that interacting with GEN directly is only for those with backups, but did you ever try updating the R_USER table in the GEN database directly? Under LSF9 GEN is completely located in a database. I actually update the security class in the R_USERS table as part of my process.