Is there a way for us to extract a list of users and their roles in Service Catalog?
Service Catalog 12.9, 14.1 and 17.1
There is no direct way or took to extract a list of users and their corresponding roles in catalog system . But here is how catalog authenticates a user and determine her/his role in catalog :
1. catalog will first check if this user exists in ca_contact table in MDB . If it cannot find this user in ca_contact table , it will stop there .
2. If it can find this user in ca_contact table , it will send this user's credential over to EEM for authentication . If the user's credential can be successfully authenticated by EEM , then it will let that user get into catalog GUI by checking the following to determine what kind role this user can get in catalog GUI :
1) it checks usm_contact_domain_role table to see if this user has explicit role recorded in that table . If there is a record existed in usm_contact_domain_role for this user , then the user will be able to get into catalog GUI with the role specified in that table.
2) if that user doesn't exist in usm_contact_domain_role table ,catalog will let the user get in catalog GUI with the default role which is set by your catalog system. The default role is specified in Administration -> Configuration -> User Default -> User Default Role (requires restart of CA Service Catalog) in catalog GUI .
To explicitly specify a catalog role for a user , you can login in catalog GUI as a user with service delivery administrator role , go to Administration -> Users -> search and locate the user and then edit its catalog profile : in "User Setting" section , when you explicitly grant a role to the user and save it , it will generate/update a record in usm_contact_domain_role table .
So , in short , the user's role information is stored in usm_contact_domain_role table . If there is no record in this table for a user , then this user will have the default role specified in your catalog system .