7. Navigate to the following: Policies > Tag Library. Click the Create button. Call the tag name: PowerUser. Set the description to “Is this person a power user.” Set the type to INTEGER. Set possible tag values to 0,1. Click Next.
8. Click the + button next to Entities view. Select Administration in the Category drop down. Click the box next to the User taggable entity (Figure 5). Click Submit. Click Submit.
9. Navigate to the following: Administration > Users & Groups > Users Tab. Click on the user to whom you wish to give privileges. Click the Manage Tag button. Click the + button next to Tag view. Select PowerUser from the Tag Name drop down (Figure 6). Select 1 from the Tag Value drop down. Click Submit. Click Submit.
10. Go into a test workflow, add the new CDWIsPowerUser custom workflow task to your flow. Note that the following values are required:
- Power User Group: This is the TAG name it is looking for. As of this code, it does not check the value; it just checks the existence of the tag is (what this script will key off of to provide indication of elevated rights).
- ContinueOnError: 0 = you want the script to stop/fail; 1 = you plan to use the IsPowerUser custom workflow task output in future steps to take or not take action.
- PowerUserComparisonCheck: 0 = use tags, 1 = use profiles.
See the Code in Action
1. A user has the PowerUser tag set on their profile (Figure 7):
Log (Figure 8):
2. A user does not have the PowerUser tag set on their profile and ContinueOnError is set to 1 (Figure 9):
3. A user does not have the PowerUser tag set on their profile and ContinueOnError is set to 0 (Figure 10):
Taking It a Step Further
Create a workflow using the output from your function to do one of the following:
- Is Power User == True: Log the output of the CDWIsPowerUser
- Is Power User == False: Send email alerting of bad behavior.
- On some other failure, stop.
Figure 11 shows the IfElse Logic:
Figure 12 shows what the workflow would look like:
Figure 13 shows when it is executed:
The End Result?
As you can see, UCS Director can easily be extended to support additional functionality. This one change allows admins to leverage the Self-Service portal to publish workflows to only those users you want to be able to execute specific tasks. While others might see the workflows, they will not be able to run them. Additionally, this custom workflow task could be leveraged to carve out sections of tasks that either skip or take alternative paths based on tags.
Check out StateTech Magazine to see how San Joaquin County used Cisco UCS Director to create a cloud service that allowed users to spin up their own virtual servers.
Any questions? Feel free to leave a comment below.