Anatomy of a template

This section covers:

Basic structure

Below is the basic structure of a template:

<?xml version="1.0" encoding="utf-8"?>
   <devicetemplates>

      <devicetemplate>

         <versions>
         </versions>

         <connection-parameters>
            <connection-parameter/>
         </connection-parameters>

         <accounts>
         </accounts>

         <accesstokens>
         </accesstokens>

         <access>
         </access>

         <usertools>
         </usertools>

         <configurations>
         </configurations>

         <parameters>
         </parameters>

         <tasks>
         </tasks>

      </devicetemplate>
</devicetemplates>

Note

Osirium PAM now supports templates being split into separate files. Many of the sections above now sit inside individual files, but the overall flow is still the same.

Many tags sit inside parent tags, which are plural (group) tags.

For example:

1
2
3

<parameters>
   <parameter>
      ...

These group tags hold collections of similar tags together.

You can add additional child tags into existing parent group tags, i.e. you can add additional <parameter> tags inside any existing <parameters> tags or you can add a new <parameters> tag with new child <parameter> tags for your new parameters. Either way works. you need to make sure that a new <parameters> tag sits as a child of its parent tag, <devicetemplate>.

Throughout this documentation all pages defining tags show their applicable parent and child tags. No other parent or child relationships are valid.

The basic structure of the template as shown at the top of this page, consists of the following sections:

XML declaration

XML declaration. This should always read:

1	`<?xml version="1.0" encoding="utf-8"?>`

Device templates

This is the opening top level tag, and defines the format details of the template. There is only ever one <devicetemplates> tag.

More info here Tag: <devicetemplates>.

Device template

This is the template information tag. This defines the device info and the template version.

More info here Tag: <devicetemplate>.

Version

Defines which versions of the device are applicable to this template, and the method of checking the device version.

More info here Tag: <versions> and Tag: <version>

Connection parameters

Defines connection critical parameters used when connecting to a device.

More info here Tag: <parameters> and Tag: <parameter-connection-critical>.

Accounts

Defines any accounts that Osirium PAM expects to find already existing on a device. These accounts get automatically set to 'Approved' when a device is audited.

More info here Tag: <accounts> and Tag: <account>.

Access tokens

Defines the list of access tokens or levels available on a device. These typically map to roles on a device and allow for personalised accounts to be created and given these roles.

More info here Tag: <accesstokens> and Tag: <accesstoken>.

Access

Defines any device specific actions required to successfully connect to and run tasks on the device.

More info here Tag: <access>.

Configuration

Defines a number of configuration settings about the device, including maximum password length, password rules, password complexity etc.

More info here Tag: <configurations> and Tag: <configuration>.

Parameters

Defines any required task inputs. It is recommended you define task parameters in the same sub template as the task that uses them.

More info here Tag: <parameters> and Tag: <parameter-task-input>.

Tasks

Defines a number of tasks to provide user management actions on the device, including:

List the accounts on the device.
Add a new account on the device.
Update an account password on the device.
Delete an account from the device.
Enable or disable an account on the device.

More info here Tag: <tasks> and Tag: <task>.