MDS 2008 R2 - Deployment of User Permissions


  • Friday, February 15, 2013 2:19 PM
     
     
    Hi,

    We are building an MDS model for a large blue chip company in the UK. In our model we have three different user groups defined, and these groups have various model permissions set up to control which entities in the model each user group can view/edit. We have three completely independent MDS environments configured - one for development, one for testing and finally production.

    We recently packaged up our model in development (including the data) and deployed the package to the test environment. Our issue is that the user group permissions in the model don't appear to have been deployed as part of this process.

    Question - is this expected behaviour? If it is, is there a way for us to generate a SQL script that, when run on the test MDS database, will define these permissions? We have made sure that the user groups themselves are present in all environments.

    Some background - the company has tight change control procedures and insists that all deployments are checked in to source control. This works as far as we can check the MDS package in, but our challenge is how do we store the model user privs?

    Any help appreciated.

    James

All Replies

  • Thursday, February 21, 2013 5:26 AM
    Moderator
     

    Hi James,

    Are you on 2008 R2?

    We had the same issue last year on a big project. We resolved it with the API:

    To export user rights:

    private void btExportUR_Click(object sender, EventArgs e)
            {
                try
                {
                    Cursor.Current = Cursors.WaitCursor;
                    if (this.cbModel.SelectedItem != null)
                    {
                        if (this.folderBrowserDialog1.ShowDialog() != DialogResult.OK)
                            return;
                        MDSWrapper mdsWrapper = new MDSWrapper();
                        Identifier identifier = this.cbModel.SelectedItem as Identifier;
                        mdsWrapper.ExportSecurityPrincipals((object)identifier.Name, this.folderBrowserDialog1.SelectedPath, "UserPrincipals.xml", PrincipalType.UserAccount, (string)null);
                        mdsWrapper.ExportSecurityPrincipals((object)identifier.Name, this.folderBrowserDialog1.SelectedPath, "GroupPrincipals.xml", PrincipalType.Group, (string)null);
                        mdsWrapper.ExportSecurityPrivileges(identifier.Name, this.folderBrowserDialog1.SelectedPath, "Privileges.xml", (string)null);
                    }
                    else
                    {
                        int num = (int)MessageBox.Show("Please select a model first");
                    }
                }
                catch (Exception ex)
                {
                    this.lblError.Text = ex.Message;
                }
                finally
                {
                    Cursor.Current = Cursors.Default;
                }
            }

    To import user rights:

     private void btImportUR_Click(object sender, EventArgs e)
            {
                try
                {
                    Cursor.Current = Cursors.WaitCursor;
                    if (this.folderBrowserDialog1.ShowDialog() != DialogResult.OK)
                        return;
                    new MDSWrapper().ImportSecurityPrincipals(this.folderBrowserDialog1.SelectedPath, "UserPrincipals.xml", "GroupPrincipals.xml", "Privileges.xml", "false");
                }
                catch (Exception ex)
                {
                    this.lblError.Text = ex.Message;
                }
                finally
                {
                    Cursor.Current = Cursors.Default;
                }
            }


    with

    public void ImportSecurityPrincipals(string folderName, string userPrincipalsFileName, string groupPrincipalsFileName, string privilegesFileName, string isUpdate = "false")
            {
                try
                {
                    SecurityPrivileges Privileges = (SecurityPrivileges)null;
                    SecurityPrincipals Principals1 = (SecurityPrincipals)null;
                    SecurityPrincipals Principals2 = (SecurityPrincipals)null;
                    if (!string.IsNullOrEmpty(groupPrincipalsFileName))
                        Principals1 = (SecurityPrincipals)Tools.DeserializeFile(folderName, groupPrincipalsFileName, typeof(SecurityPrincipals));
                    // User principals are read from the user file (the original read the group file here).
                    if (!string.IsNullOrEmpty(userPrincipalsFileName))
                        Principals2 = (SecurityPrincipals)Tools.DeserializeFile(folderName, userPrincipalsFileName, typeof(SecurityPrincipals));
                    if (!string.IsNullOrEmpty(privilegesFileName))
                        Privileges = (SecurityPrivileges)Tools.DeserializeFile(folderName, privilegesFileName, typeof(SecurityPrivileges));
                    using (ServiceClient serviceClient = new ServiceClientWrapper().CreateServiceClient())
                    {
                        if (isUpdate == "false")
                        {
                            SecuritySet SecuritySet;
                            if (!string.IsNullOrEmpty(groupPrincipalsFileName))
                                serviceClient.SecurityPrincipalsCreate(new International(), Principals1, out SecuritySet);
                            if (!string.IsNullOrEmpty(userPrincipalsFileName))
                                serviceClient.SecurityPrincipalsCreate(new International(), Principals2, out SecuritySet);
                            if (string.IsNullOrEmpty(privilegesFileName))
                                return;
                            serviceClient.SecurityPrivilegesCreate(new International(), Privileges, out SecuritySet);
                        }
                        else
                            serviceClient.SecurityPrincipalsUpdate(new International(), Principals1);
                    }
                }
                catch (Exception ex)
                {
                    throw; // rethrow without resetting the stack trace
                }
            }

    and

      public void ExportSecurityPrincipals(object modelName, string folderName, string principalsFileName, PrincipalType principalType, string principalName = null)
            {
                try
                {
                    SecurityPrincipalsCriteria Criteria = new SecurityPrincipalsCriteria();
                    Criteria.All = false;
                    Criteria.SecurityResolutionType = SecurityResolutionType.UserAndGroup;
                    Criteria.Type = principalType;
                    Criteria.ResultType = ResultType.Details;
                    Criteria.ModelPrivilege = ResultType.None;
                    Criteria.FunctionPrivilege = ResultType.None;
                    Criteria.HierarchyMemberPrivilege = ResultType.None;
                    SecurityPrincipalsCriteria principalsCriteria = Criteria;
                    Collection<Identifier> collection;
                    if (principalName == null)
                        collection = (Collection<Identifier>)null;
                    else
                        collection = new Collection<Identifier>()
                        {
                            new Identifier()
                            {
                                Name = principalName
                            }
                        };
                    principalsCriteria.Identifiers = collection;
                    SecurityPrincipals Principals;
                    using (ServiceClient serviceClient = new ServiceClientWrapper().CreateServiceClient())
                    {
                        OperationResult operationResult = serviceClient.SecurityPrincipalsGet(new International(), Criteria, out Principals);
                        if (operationResult.Errors.Count > 0)
                        {
                            string str = string.Empty;
                            foreach (Common.ServiceReference1.Error error in operationResult.Errors)
                                str = str + (object)error.Code + "; " + (string)(object)error.Context + "; " + error.Description + "\n";
                            throw new Exception("Error on SecurityPrincipalsGet: \n" + str);
                        }
                    }
                    Tools.SerializeSecurityXml(folderName, principalsFileName, (object)Principals);
                }
                catch (Exception ex)
                {
                    throw; // rethrow without resetting the stack trace
                }
            }
    
            public void ExportSecurityPrivileges(string modelName, string folderName, string privilegesFileName, string principalName = null)
            {
                try
                {
                    this.ExportSecurityPrivileges((object)new Identifier()
                    {
                        Name = modelName
                    }, folderName, privilegesFileName, principalName);
                }
                catch (Exception ex)
                {
                    throw; // rethrow without resetting the stack trace
                }
            }
    
            public void ExportSecurityPrivileges(object modelIdentifier, string folderName, string privilegesFileName, string principalName = null)
            {
                try
                {
                    SecurityPrivilegesGetCriteria Criteria = new SecurityPrivilegesGetCriteria();
                    SecurityPrivilegesGetCriteria privilegesGetCriteria1 = Criteria;
                    FunctionPrivilegesCriteria privilegesCriteria1 = new FunctionPrivilegesCriteria();
                    privilegesCriteria1.ResultType = ResultType.Details;
                    FunctionPrivilegesCriteria privilegesCriteria2 = privilegesCriteria1;
                    Identifier identifier1;
                    if (principalName == null)
                        identifier1 = (Identifier)null;
                    else
                        identifier1 = new Identifier()
                        {
                            Name = principalName
                        };
                    privilegesCriteria2.PrincipalId = identifier1;
                    FunctionPrivilegesCriteria privilegesCriteria3 = privilegesCriteria1;
                    privilegesGetCriteria1.FunctionPrivilegesCriteria = privilegesCriteria3;
                    SecurityPrivilegesGetCriteria privilegesGetCriteria2 = Criteria;
                    HierarchyMemberPrivilegesCriteria privilegesCriteria4 = new HierarchyMemberPrivilegesCriteria();
                    privilegesCriteria4.ModelId = modelIdentifier != null ? modelIdentifier as Identifier : (Identifier)null;
                    privilegesCriteria4.ResultType = ResultType.Details;
                    HierarchyMemberPrivilegesCriteria privilegesCriteria5 = privilegesCriteria4;
                    Identifier identifier2;
                    if (principalName == null)
                        identifier2 = (Identifier)null;
                    else
                        identifier2 = new Identifier()
                        {
                            Name = principalName
                        };
                    privilegesCriteria5.PrincipalId = identifier2;
                    HierarchyMemberPrivilegesCriteria privilegesCriteria6 = privilegesCriteria4;
                    privilegesGetCriteria2.HierarchyMemberPrivilegesCriteria = privilegesCriteria6;
                    SecurityPrivilegesGetCriteria privilegesGetCriteria3 = Criteria;
                    ModelPrivilegesCriteria privilegesCriteria7 = new ModelPrivilegesCriteria();
                    privilegesCriteria7.ModelId = modelIdentifier != null ? modelIdentifier as Identifier : (Identifier)null;
                    privilegesCriteria7.ResultType = ResultType.Details;
                    ModelPrivilegesCriteria privilegesCriteria8 = privilegesCriteria7;
                    Identifier identifier3;
                    if (principalName == null)
                        identifier3 = (Identifier)null;
                    else
                        identifier3 = new Identifier()
                        {
                            Name = principalName
                        };
                    privilegesCriteria8.PrincipalId = identifier3;
                    ModelPrivilegesCriteria privilegesCriteria9 = privilegesCriteria7;
                    privilegesGetCriteria3.ModelPrivilegesCriteria = privilegesCriteria9;
                    SecurityPrivileges Privileges;
                    using (ServiceClient serviceClient = new ServiceClientWrapper().CreateServiceClient())
                    {
                        OperationResult operationResult = serviceClient.SecurityPrivilegesGet(new International(), Criteria, out Privileges);
                        if (operationResult.Errors.Count > 0)
                            throw new Exception("Error on SecurityPrivilegesGet: " + operationResult.Errors[0].Description);
                    }
                    Tools.SerializeSecurityXml(folderName, privilegesFileName, (object)Privileges);
                }
                catch (Exception ex)
                {
                    throw; // rethrow without resetting the stack trace
                }
            }

    You can find the FULL (and free) source code included in my new (BETA) release of MDSManager:

    http://mdsmanager.codeplex.com/releases/view/102239


    Regards,


    Xavier Averbouch
    Microsoft Community Contributor
    SOAT
    If a post answers your question, please click "Mark As Answer" on that post and "Vote as Helpful".
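
A post-deployment check for the approach above, as an added example that is not part of the original post or of MDSManager: it compares the Privileges.xml held in source control with a re-export taken from the target environment and reports grants that are missing or unexpected. The XML layout (root, then one collection per privilege kind, then one record each), the element names and the volatile field names `Id`, `InternalId` and `AuditInfo` are assumptions, since the page does not show what `Tools.SerializeSecurityXml` writes; the sample data is constructed.

```python
import xml.etree.ElementTree as ET

# Assumed volatile fields: GUIDs, surrogate keys, audit stamps differ per environment.
VOLATILE = {"Id", "InternalId", "AuditInfo"}

def local(tag):
    """Strip an XML namespace: '{ns}Name' -> 'Name'."""
    return tag.rsplit("}", 1)[-1]

def flatten(elem, prefix=""):
    """Yield (path, text) for each leaf under elem, skipping volatile fields."""
    for child in elem:
        name = local(child.tag)
        if name in VOLATILE:
            continue
        path = f"{prefix}/{name}" if prefix else name
        if len(child):
            yield from flatten(child, path)
        else:
            yield (path, (child.text or "").strip())

def grants(xml_text):
    """One (record type, frozenset of fields) entry per privilege record."""
    root = ET.fromstring(xml_text)
    return {(local(rec.tag), frozenset(flatten(rec)))
            for collection in root for rec in collection}

def drift(expected_xml, actual_xml):
    """Grants missing from, or unexpectedly present in, the target export."""
    exp, act = grants(expected_xml), grants(actual_xml)
    return {"missing": exp - act, "unexpected": act - exp}

def _rec(guid, principal, entity, permission):  # constructed sample record
    return (f"<ModelPrivilege><PrincipalId><Id>{guid}</Id><Name>{principal}</Name>"
            f"</PrincipalId><ObjectId><Id>{guid}</Id><Name>{entity}</Name></ObjectId>"
            f"<Permission>{permission}</Permission></ModelPrivilege>")

def _doc(*recs):
    return f"<SecurityPrivileges><ModelPrivileges>{''.join(recs)}</ModelPrivileges></SecurityPrivileges>"

# Constructed data: the copy in source control vs. a re-export from test.
EXPECTED = _doc(_rec("dev-1", "MDS_Stewards", "Customer", "Update"),
                _rec("dev-2", "MDS_Readers", "Customer", "ReadOnly"))
ACTUAL = _doc(_rec("tst-9", "MDS_Stewards", "Customer", "Update"),
              _rec("tst-8", "MDS_Readers", "Customer", "Update"))

if __name__ == "__main__":
    for kind, records in drift(EXPECTED, ACTUAL).items():
        print(kind, [sorted(fields) for _, fields in records])
```

A non-empty result after an import is worth failing the deployment on, because the import routine above discards the `OperationResult` returned by the create calls.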


  • Tuesday, February 26, 2013 7:38 AM
     
     
    Thank you for the detailed response; this is exactly what we are looking to do. Many thanks again, James