Announcement

Collapse
No announcement yet.

Kill User Sessions without being SysAdmin

Collapse
X
Collapse
  •  

  • Kill User Sessions without being SysAdmin

    I've seen a question like this float around this forum and that other forum (http://forums13.itrc.hp.com/service/...categoryId=695) and it seemed like something that should be possible, and should be included OOB, but for some reason, was never done.

    Let's say you have a user call your Helpdesk group, because they've somehow managed to lock themselves out of Service Manager, and the helpdesk needs to kill that user's session. You don't want to give the Helpdesk access to the System Status where they can do all kinds of harm, but they do need to be able to kill a session. This is my attempt at a solution.

    (I had wanted to do the coding for this in Javascript, but I had a hard time with the structured arrays... so good old-fashioned expressions is what I ended up using.)

    You're going to create one link record, two forms, and three wizard records to accomplish this. You'll also need to put this on a menu so your users can access it. For my purposes, we'll just use the HOME menu, but feel free to make whatever modifications you need.

    First, we'll start with the two forms.
    The first provides a place for your operator to enter which user to kill.

    Form Name: cg.KillUserSessions.User
    Form Element: Label
    Caption: User ID:

    Form Element: Comfill
    Input: $cg.user.id
    Fill Button Visible: true

    Form Element: Comfill
    Input: $cg.user.name
    Fill Button Visible: true

    The second form, is a mimic of the System Status, with information about the specific user's session(s).

    Form Name: cg.KillUserSessions.Sessions
    Form Element: Table
    Columns: Kill, User ID, Date, Idle Time, PID, Host
    Show Columns: true

    Form Element: Column
    Column Title: Kill
    Input: $cg.killSession

    Form Element: Column
    Column Title: User ID
    Input: $cg.sessionInfo.user
    Read Only: true

    Form Element: Column
    Column Title: Date
    Input: $cg.sessionInfo.date
    Read Only: true

    Form Element: Column
    Column Title: Idle Time
    Input: $cg.sessionInfo.idle
    Read Only: true

    Form Element: Column
    Column Title: PID
    Input: $cg.sessionInfo.pid
    Read Only: true

    Form Element: Column
    Column Title: Host
    Input: $cg.sessionInfo.host
    Read Only: true


    Then the link - this is just so users can enter either an operator ID or a user's full name, to bring the ID back for the rest of the wizard.

    Link Name: cg.KillUserSessions.User
    -----------------------------------------------------
    Source Field: $cg.user.id
    Target File: operator
    Target Field: name
    Query: $query
    Expressions -
    if (not null($cg.user.id)) then ($query="name=\"+$cg.user.id+"\"")

    Source Field | Target Field
    $cg.user.id | name
    $cg.user.name | full.name
    -----------------------------------------------------
    Source Field: $cg.user.name
    Target File: operator
    Target Field: full.name
    Query: $query
    Expressions -
    if (not null($cg.user.name)) then ($query="full.name=\""+$cg.user.name+"\"")

    Source Field | Target Field
    $cg.user.id | name
    $cg.user.name | full.name


    Then, the meat of the work, are the three wizards.

    The first gets the information about who is going to be killed, and checks to make sure that user is logged in to SM. Once we get the operator id, the system gathers information about that operator, like the time they logged in, how long they've been idle, etc.

    Wizard Name: cg.KillUserSession.1
    Start Node: true
    Window Title: Kill User Session
    Title: Select User:
    Prompt: Enter the User ID or the User Name of the user whose session you want to kill.

    File Selection -
    Select $L.file by: No $L.file (use typecheck)
    Wizard Usage -
    Request User Input
    Subformat to display: cg.KillUserSessions.User
    Actions -
    Perform Actions On: Current File ($L.file)
    Actions to Perform:
    Expressions:
    $L.processes=processes("USER");$cg.sessionInfo.user={};$cg.sessionInfo.date={}; $cg.sessionInfo.idle={};$cg.sessionInfo.pid={};$cg .sessionInfo.name={};$cg.sessionInfo.id={}

    $cg.i=0;while ($cg.i
    Messaging -
    Messages when complete:
    Message | Condition | Type | Level
    Please enter a User ID. | null($cg.user.id) | Pop Up | Error
    No one with that ID is logged in to the system. | nullsub($L.not.on, true)=true | Pop Up | Error

    Next Wizard -
    Wizard Name | Condition
    cg.KillUserSession.2 | not null($cg.user.id) and $L.not.on=false
    cg.KillUserSession.1 | true


    Once the system gathers this information, it presents it to the operator in a form similar to the system status, but it only shows _that_ user's information.

    Wizard Name: cg.KillUserSession.2
    Window Title: Kill User Session
    Title: Select Session:
    Prompt: Enter "k" by each session you want to kill.
    File Selection -
    Select $L.file by: $L.file passed in
    Initial Expressions -
    $cg.k.index=lng($cg.sessionInfo.user)
    for $L.vi = 1 to $cg.k.index do ($cg.killSession=insert($cg.killSession, 1, 1, ""))
    Wizard Usage -
    Request User Input
    Subformat to display: cg.KillUserSessions.Sessions
    Next Wizard -
    Wizard Name | Condition
    cg.KillUserSession.3 | true


    Then the third wizard actually sends the signal command to kill that particular session.

    Wizard Name: cg.KillUserSession.3
    File Selection -
    Select $L.file by: No $L.file (use typecheck)
    Wizard Usage -
    Skip Display.
    Actions -
    Perform Actions On: Current File ($L.file)
    Actions to Perform:
    Expressions:
    $cg.killSession.length=lng($cg.killSession);for $cg.k.index = 1 to $cg.killSession.length do (if ($cg.k.index in $cg.killSession"k" then ($L.void=rtecall("callrad", $L.rc, "signal", {"name"}, {$cg.k.index in $cg.sessionInfo.id}, true)))
    Messaging -
    Messages when complete:
    Message | Condition | Type | Level
    The user's Session(s) were successfully killed. | $L.void=true | Pop Up | Info

    Then, just add an option to the Menu so your users have access:
    Menu: HOME
    Description: Kill User Session
    Application: wizard.run
    Parameter Name: name
    Parameter Value: cg.KillUserSession.1
    Condition: true

    Or, instead of true, put whatever condition you want, so that only the users you need have access to this feature.


    And that should be it. A functional way to kill a user's session while preventing them from accidentally killing processes needed by the system.

    Feel free to modify as needed; and good luck to us all.
    Attached Files

    • seawind198107
      #20
      seawind198107 commented
      Editing a comment
      Amazing Jacob.

    • rrrobert
      #21
      rrrobert commented
      Editing a comment
      Dude! This is really good! Thanks

    • cactusdsl
      #22
      cactusdsl commented
      Editing a comment
      It is 2013 and the code is still fantastic. Just implemented this in my system, VERY USEFUL!!
    Posting comments is disabled.

Categories

Collapse

Article Tags

Collapse

Latest Articles

Collapse

Working...
X