Get User Permission

Discussions related to custom development with Select.
Post Reply
timothymeyer16
Posts: 37
Joined: Mon Jun 14, 2021 9:47 am

Get User Permission

Post by timothymeyer16 »

Good evening,

I'm looking to get an understanding on how to view user permissions from within the API.

Specifically I'm looking to access:
- Which INDIVIDUAL permissions a person has
- AND the INDIVIDUAL Permissions associated to a group.
permissions.PNG
permissions.PNG (11.83 KiB) Viewed 1020 times
Groups.PNG
Groups.PNG (29.9 KiB) Viewed 1020 times
Currently I have the below code, but do not see an end point for accessing permissions.

Code: Select all

ISecurityManager secMgr = ss.GetService<ISecurityManager>();
                foreach (ISecurityIdentity id in secMgr.Identities.OrderBy(x => x.Name))
                {   
                    ISecurityUser user = secMgr.GetUser(id.ID);
                    foreach (ISecurityIdentity group in user.Groups)
                    {
                        foreach(IPermissionInfo permission in group.) // Group.Permissions - How do I see assoicated permissions in the groups?
                    }

Is there another way to access groups and their assoicated permissions?
1.PNG
1.PNG (112.24 KiB) Viewed 1020 times
timothymeyer16
Posts: 37
Joined: Mon Jun 14, 2021 9:47 am

Re: Get User Permission

Post by timothymeyer16 »

After researching extensively, I am still lost.

Code: Select all

                ISecurityManager secMgr = ss.GetService<ISecurityManager>();
                ISecurityIdentity user= secMgr.Identities.Where(t => t.FullName == "UserName").FirstOrDefault();
                ISecurityUser userUser = secMgr.GetUser(tim.ID);

                SecurityDescriptorFilterSettings filter = new SecurityDescriptorFilterSettings(typeof(ISecurityUser).GUID, user.ID); 
                // ISecurityIdentity also fails
                ISecurityDescriptor secDesc = secMgr.GetSystemSecurityDescriptor(filter); //Fails here

                IList<IAccessControlEntry> controls = secDesc.AccessControlEntries;
I believe I need to access the AccessControlEntry to make modifications, but can not successfully instantiate the ISecurityDescriptor class.

PS SecurityDescriptorFilterSettings is nowhere to be found in the documentation.

Please advise.
BobRichards
Posts: 1376
Joined: Wed Jan 15, 2014 3:50 pm
Location: Raleigh, NC
Contact:

Re: Get User Permission

Post by BobRichards »

Can you tell me exactly what you are trying to achieve? Are you trying to view permissions or change something?

Thanks
Bob Richards, Senior Software Developer, SoftPro
timothymeyer16
Posts: 37
Joined: Mon Jun 14, 2021 9:47 am

Re: Get User Permission

Post by timothymeyer16 »

Ideally both.

We need access to view and modify permissions for users and groups via the API for several upcoming projects.
BobRichards
Posts: 1376
Joined: Wed Jan 15, 2014 3:50 pm
Location: Raleigh, NC
Contact:

Re: Get User Permission

Post by BobRichards »

Here is the code to get all the permissions a user/group has...

Code: Select all

// Pick a valid user.
var secMgr = ss.GetService<ISecurityManager>();
ISecurityIdentity user = secMgr.Identities.Where(t => t.Name == @"SOFTPRO\brichards").FirstOrDefault();

// Get all permissions for user.
IList<IPermissionInfo> permissions = new List<IPermissionInfo>();
ISecurityDescriptor sysDescriptor = secMgr.GetSystemSecurityDescriptor(SecurityDescriptorFilterSettings.Default);
foreach (var permission in secMgr.Permissions)
{
    if (secMgr.HasPermission(sysDescriptor, user.ID, permission.ID))
    {
        permissions.Add(permission);
    }
}
...how to add a permission to a user/group...

Code: Select all

// Add a permission - "Pro1099\1099 Notes-Add"
IPermissionInfo permissionNotesAdd = secMgr.Permissions.Where(t => t.Name == @"Pro1099\1099 Notes-Add").FirstOrDefault();
IAccessControlEntry ace = secMgr.NewAccessControlEntry(permissionNotesAdd, user, AccessFlag.Granted);
sysDescriptor.AccessControlEntries.Add(ace);
secMgr.ApplyChanges(sysDescriptor);
...and finally how to remove that permission later.

Code: Select all

IPermissionInfo permissionNotesAdd = secMgr.Permissions.Where(t => t.Name == @"Pro1099\1099 Notes-Add").FirstOrDefault();
SecurityIdentifier secIdentifier = new SecurityIdentifier(user.ID, user.Name, user.FullName);
IAccessControlEntry ace = sysDescriptor.AccessControlEntries
    .Where(t => t.PermissionID == permissionNotesAdd.ID && t.SecurityIdentifier == secIdentifier).FirstOrDefault();
sysDescriptor.AccessControlEntries.Remove(ace);
secMgr.ApplyChanges(sysDescriptor);
Let me know how it goes.
Bob Richards, Senior Software Developer, SoftPro
timothymeyer16
Posts: 37
Joined: Mon Jun 14, 2021 9:47 am

Re: Get User Permission

Post by timothymeyer16 »

Worked like a charm. Thank you.
Post Reply