Layer7 Access Management

Expand all | Collapse all

Query Embedded Entitlements Manager Group Membership

Jump to Best Answer
  • 1.  Query Embedded Entitlements Manager Group Membership

    Posted 03-31-2016 06:19 PM

    Hi, I'm looking for a way to programmatically query EEM and find users that belong to an Application Group. Is there a way to query EEM using web services, CLI, LDAP, etc?


    I'm using EEM integrated with CA Service Catalog. I'm using an external LDAP Directory as the User Store but I have Application Groups configured with users associated with them. Specifically, I need a way that will do this in the GUI:


  • 2.  Re: Query Embedded Entitlements Manager Group Membership

    Posted 04-21-2016 09:43 AM

    Hi Gill,

    We do not expose this option for the clients to perform customized queries.


    If you are looking at having certain product enhancements, you can post your ideas in the communities and this would be looked upon and responded to.




  • 3.  Re: Query Embedded Entitlements Manager Group Membership
    Best Answer

    Posted 04-21-2016 12:23 PM

    I opened up a case when I posted this question here in the communities and was able to get this from an EEM SME. I've confirmed this works so I would only need to read the xml output and parse out the data I'm looking for.


    Hi Ryan,


    One of our EEM Subject Matter Experts provided the
    following information which may be a solution for your question:


    Create a file named getUsers.xml

    In this file put in the following:



    <Attach label="Process Automation"/>

    <Export appobjects="n"
    policies="n" calendars="n" users="y"
    usergroups="n" folders="n" globalsettings="n"
    globalusers="n" globalusergroups="n"
    globalfolders="n" file="getUsers_return.xml"/>
    <Detach/> </Safex>


    Change the 'Attach label=' label of 'Process Automation'
    to whatever the registered application is.

    Save the file under the Embedded Entitlements Manager/bin
    folder Open a command window and navigate to this same folder Run the following


    Files\CA\SC\EmbeddedEntitlementsManager\bin>safex -h localhost -u EiamAdmin
    -p YourPassword -f getUsers.xml


    Obviously change the password appropriately.

    The last entries in the file (search for the first
    occurrence of “User folder”) will be the users that are a member of this
    registered application.

    The EEM SME also cautions that you cannot copy/paste the
    safex string from this email. It must be typed it out in the command window
    completely, otherwise all you will get is an error message returned.