locked
How to get an effective permission for an attribute using MDS Service RRS feed

  • Question

  • How to get an effective permission for an attribute for currently logged-in user using MDS service objects (SecurityPrincipal and SecurityPrivileges).

    Suzanne Selhorn:
    As you have mentioned on Page 304 of your book I am trying to get SecurityPrincipals and then SecurityPrivileges. But when I Log-in with the user other than MDS System Administrator I do not get Model Security Privileges.

    I have also tried by giving UPDATE rights to Model object so as to make user Model Administrator. This also resulted in no Model level privileges.

    Please help
    Thanks & BR,
    PRASAD

    Monday, August 15, 2011 12:26 PM

Answers

  • Hi Prasad

     

    how to get security principals :

    SecurityPrincipals principals;
                
                SecurityPrincipalsCriteria spc = new SecurityPrincipalsCriteria();
                spc.All = false;
                spc.SecurityResolutionType = SecurityResolutionType.UserAndGroup;
                spc.Type = principalType;// PrincipalType.Group;
                spc.ResultType = ResultType.Details;
                spc.ModelPrivilege = ResultType.None;
                spc.FunctionPrivilege = ResultType.None;
                spc.HierarchyMemberPrivilege = ResultType.None;
    
                spc.Identifiers = principalName != null ? new Collection<Identifier> { new Identifier() { Name = principalName } } : null;
    
                using (ServiceClient c = GetProxy())
                {
                    OperationResult or = c.SecurityPrincipalsGet(new International(), spc, out principals); 
                    if (or.Errors.Count > 0)
                    {
                        string s = "";
                        foreach (Error er in or.Errors)
                            s += er.Code + "; " + er.Context + "; " + er.Description + "\n" ;
                        throw new Exception("Error on SecurityPrincipalsGet: \n" + s);   
                    }
                }
    

    how to get security privileges:

     SecurityPrivileges privileges;
    
                SecurityPrivilegesGetCriteria spgc = new SecurityPrivilegesGetCriteria();
                spgc.FunctionPrivilegesCriteria = new FunctionPrivilegesCriteria()
                {
                    ResultType = ResultType.Details,
                    PrincipalId = principalName != null ? new Identifier() { Name = principalName } : null,
                };
    
                spgc.HierarchyMemberPrivilegesCriteria = new HierarchyMemberPrivilegesCriteria()
                {
                    ModelId = modelIdentifier != null ?(modelIdentifier as Identifier) : null,
                    ResultType = ResultType.Details,
                    PrincipalId = principalName != null ? new Identifier() { Name = principalName } : null
                };
    
                spgc.ModelPrivilegesCriteria = new ModelPrivilegesCriteria()
                {
                    ModelId = modelIdentifier != null ? (modelIdentifier as Identifier) : null,
                    ResultType = ResultType.Details,
                    PrincipalId = principalName != null ? new Identifier() { Name = principalName } : null
                };
                
    
                using (ServiceClient c = GetProxy())
                {
                    OperationResult or = c.SecurityPrivilegesGet(new International(), spgc, out privileges); 
                    if (or.Errors.Count > 0)
                        throw new Exception("Error on SecurityPrincipalsGet: " + or.Errors[0].Description);   
                }
    

    Regards,



    Xavier Averbouch
    Microsoft Community Contributor
    Avanade , FRANCE
    If a post answers your question, please click "Mark As Answer" on that post and "Vote as Helpful".
    Thursday, September 29, 2011 11:46 AM

All replies

  • Hi Prasad

     

    how to get security principals :

    SecurityPrincipals principals;
                
                SecurityPrincipalsCriteria spc = new SecurityPrincipalsCriteria();
                spc.All = false;
                spc.SecurityResolutionType = SecurityResolutionType.UserAndGroup;
                spc.Type = principalType;// PrincipalType.Group;
                spc.ResultType = ResultType.Details;
                spc.ModelPrivilege = ResultType.None;
                spc.FunctionPrivilege = ResultType.None;
                spc.HierarchyMemberPrivilege = ResultType.None;
    
                spc.Identifiers = principalName != null ? new Collection<Identifier> { new Identifier() { Name = principalName } } : null;
    
                using (ServiceClient c = GetProxy())
                {
                    OperationResult or = c.SecurityPrincipalsGet(new International(), spc, out principals); 
                    if (or.Errors.Count > 0)
                    {
                        string s = "";
                        foreach (Error er in or.Errors)
                            s += er.Code + "; " + er.Context + "; " + er.Description + "\n" ;
                        throw new Exception("Error on SecurityPrincipalsGet: \n" + s);   
                    }
                }
    

    how to get security privileges:

     SecurityPrivileges privileges;
    
                SecurityPrivilegesGetCriteria spgc = new SecurityPrivilegesGetCriteria();
                spgc.FunctionPrivilegesCriteria = new FunctionPrivilegesCriteria()
                {
                    ResultType = ResultType.Details,
                    PrincipalId = principalName != null ? new Identifier() { Name = principalName } : null,
                };
    
                spgc.HierarchyMemberPrivilegesCriteria = new HierarchyMemberPrivilegesCriteria()
                {
                    ModelId = modelIdentifier != null ?(modelIdentifier as Identifier) : null,
                    ResultType = ResultType.Details,
                    PrincipalId = principalName != null ? new Identifier() { Name = principalName } : null
                };
    
                spgc.ModelPrivilegesCriteria = new ModelPrivilegesCriteria()
                {
                    ModelId = modelIdentifier != null ? (modelIdentifier as Identifier) : null,
                    ResultType = ResultType.Details,
                    PrincipalId = principalName != null ? new Identifier() { Name = principalName } : null
                };
                
    
                using (ServiceClient c = GetProxy())
                {
                    OperationResult or = c.SecurityPrivilegesGet(new International(), spgc, out privileges); 
                    if (or.Errors.Count > 0)
                        throw new Exception("Error on SecurityPrincipalsGet: " + or.Errors[0].Description);   
                }
    

    Regards,



    Xavier Averbouch
    Microsoft Community Contributor
    Avanade , FRANCE
    If a post answers your question, please click "Mark As Answer" on that post and "Vote as Helpful".
    Thursday, September 29, 2011 11:46 AM
  • Hi,

    I want to get the securitypriveleges for a user and tried the code. I don't get any errors and don't get any user privelege information as well. Secondly SecurityPrivilegesGet method has only one parameter by definition. I am using MDS 2014 version and can't work it out.

    Any thoughts on what am I missing?

    Thanks,

    Gayatri


    Tuesday, September 26, 2017 1:12 AM