MDS 2008 R2 - Deployment of User Permissions

  • Question

  • Hi,

    We are building an MDS model for a large blue chip company in the UK. In our model we have three different user groups defined, and these groups have various model permissions set up to control which entities in the model each user group can view/edit. We have three completely independent MDS environments configured - one for development, one for testing and finally production.

    We recently packaged up our model in development (including the data) and deployed the package to the test environment. Our issue is that the user group permissions in the model don't appear to have been deployed as part of this process.

    Question - is this expected behaviour? If it is, is there a way for us to generate a SQL script that, when run on the test MDS database, will define these permissions? We have made sure that the user groups themselves are present in all environments.

    Some background - the company has tight change control procedures and insists that all deployments are checked in to source control. This works as far as we can check the MDS package in, but our challenge is how do we store the model user privs?

    Any help appreciated.

    James
    Friday, February 15, 2013 2:19 PM

Answers

  • Hi James,

    Are you on 2008R2 ?

    We had the same issue last year on a big project. We resolved it with API :

    to export User rights:

    private void btExportUR_Click(object sender, EventArgs e)
            {
                try
                {
                    Cursor.Current = Cursors.WaitCursor;
                    if (this.cbModel.SelectedItem != null)
                    {
                        if (this.folderBrowserDialog1.ShowDialog() != DialogResult.OK)
                            return;
                        MDSWrapper mdsWrapper = new MDSWrapper();
                        Identifier identifier = this.cbModel.SelectedItem as Identifier;
                        mdsWrapper.ExportSecurityPrincipals((object)identifier.Name, this.folderBrowserDialog1.SelectedPath, "UserPrincipals.xml", PrincipalType.UserAccount, (string)null);
                        mdsWrapper.ExportSecurityPrincipals((object)identifier.Name, this.folderBrowserDialog1.SelectedPath, "GroupPrincipals.xml", PrincipalType.Group, (string)null);
                        mdsWrapper.ExportSecurityPrivileges(identifier.Name, this.folderBrowserDialog1.SelectedPath, "Privileges.xml", (string)null);
                    }
                    else
                    {
                        int num = (int)MessageBox.Show("Please select a model first");
                    }
                }
                catch (Exception ex)
                {
                    this.lblError.Text = ex.Message;
                }
                finally
                {
                    Cursor.Current = Cursors.Default;
                }
            }

    to import user rights:

     private void btImportUR_Click(object sender, EventArgs e)
            {
                try
                {
                    Cursor.Current = Cursors.WaitCursor;
                    if (this.folderBrowserDialog1.ShowDialog() != DialogResult.OK)
                        return;
                    new MDSWrapper().ImportSecurityPrincipals(this.folderBrowserDialog1.SelectedPath, "UserPrincipals.xml", "GroupPrincipals.xml", "Privileges.xml", "false");
                }
                catch (Exception ex)
                {
                    this.lblError.Text = ex.Message;
                }
                finally
                {
                    Cursor.Current = Cursors.Default;
                }
            }


    with

    public void ImportSecurityPrincipals(string folderName, string userPrincipalsFileName, string groupPrincipalsFileName, string privilegesFileName, string isUpdate = "false")
            {
                try
                {
                    SecurityPrivileges Privileges = (SecurityPrivileges)null;
                    SecurityPrincipals Principals1 = (SecurityPrincipals)null; // groups
                    SecurityPrincipals Principals2 = (SecurityPrincipals)null; // user accounts
                    if (!string.IsNullOrEmpty(groupPrincipalsFileName))
                        Principals1 = (SecurityPrincipals)Tools.DeserializeFile(folderName, groupPrincipalsFileName, typeof(SecurityPrincipals));
                    // Fixed: read the user principals file here (the group file was being loaded a second time)
                    if (!string.IsNullOrEmpty(userPrincipalsFileName))
                        Principals2 = (SecurityPrincipals)Tools.DeserializeFile(folderName, userPrincipalsFileName, typeof(SecurityPrincipals));
                    if (!string.IsNullOrEmpty(privilegesFileName))
                        Privileges = (SecurityPrivileges)Tools.DeserializeFile(folderName, privilegesFileName, typeof(SecurityPrivileges));
                    using (ServiceClient serviceClient = new ServiceClientWrapper().CreateServiceClient())
                    {
                        if (isUpdate == "false")
                        {
                            // Create groups first, then users, then the privileges that reference them
                            SecuritySet SecuritySet;
                            if (!string.IsNullOrEmpty(groupPrincipalsFileName))
                                serviceClient.SecurityPrincipalsCreate(new International(), Principals1, out SecuritySet);
                            if (!string.IsNullOrEmpty(userPrincipalsFileName))
                                serviceClient.SecurityPrincipalsCreate(new International(), Principals2, out SecuritySet);
                            if (string.IsNullOrEmpty(privilegesFileName))
                                return;
                            serviceClient.SecurityPrivilegesCreate(new International(), Privileges, out SecuritySet);
                        }
                        else
                            // Update mode only touches the group principals
                            serviceClient.SecurityPrincipalsUpdate(new International(), Principals1);
                    }
                }
                catch (Exception)
                {
                    throw; // rethrow without resetting the stack trace
                }
            }

    and

      public void ExportSecurityPrincipals(object modelName, string folderName, string principalsFileName, PrincipalType principalType, string principalName = null)
            {
                try
                {
                    SecurityPrincipalsCriteria Criteria = new SecurityPrincipalsCriteria();
                    Criteria.All = false;
                    Criteria.SecurityResolutionType = SecurityResolutionType.UserAndGroup;
                    Criteria.Type = principalType;
                    Criteria.ResultType = ResultType.Details;
                    Criteria.ModelPrivilege = ResultType.None;
                    Criteria.FunctionPrivilege = ResultType.None;
                    Criteria.HierarchyMemberPrivilege = ResultType.None;
                    SecurityPrincipalsCriteria principalsCriteria = Criteria;
                    Collection<Identifier> collection;
                    if (principalName == null)
                        collection = (Collection<Identifier>)null;
                    else
                        collection = new Collection<Identifier>()
              {
                new Identifier()
                {
                  Name = principalName
                }
              };
                    principalsCriteria.Identifiers = collection;
                    SecurityPrincipals Principals;
                    using (ServiceClient serviceClient = new ServiceClientWrapper().CreateServiceClient())
                    {
                        OperationResult operationResult = serviceClient.SecurityPrincipalsGet(new International(), Criteria, out Principals);
                        if (operationResult.Errors.Count > 0)
                        {
                            string str = string.Empty;
                            foreach (Common.ServiceReference1.Error error in operationResult.Errors)
                                str = str + (object)error.Code + "; " + (string)(object)error.Context + "; " + error.Description + "\n";
                            throw new Exception("Error on SecurityPrincipalsGet: \n" + str);
                        }
                    }
                    Tools.SerializeSecurityXml(folderName, principalsFileName, (object)Principals);
                }
                catch (Exception)
                {
                    throw; // rethrow without resetting the stack trace
                }
            }
    
            public void ExportSecurityPrivileges(string modelName, string folderName, string privilegesFileName, string principalName = null)
            {
                try
                {
                    this.ExportSecurityPrivileges((object)new Identifier()
                    {
                        Name = modelName
                    }, folderName, privilegesFileName, principalName);
                }
                catch (Exception)
                {
                    throw; // rethrow without resetting the stack trace
                }
            }
    
            public void ExportSecurityPrivileges(object modelIdentifier, string folderName, string privilegesFileName, string principalName = null)
            {
                try
                {
                    SecurityPrivilegesGetCriteria Criteria = new SecurityPrivilegesGetCriteria();
                    SecurityPrivilegesGetCriteria privilegesGetCriteria1 = Criteria;
                    FunctionPrivilegesCriteria privilegesCriteria1 = new FunctionPrivilegesCriteria();
                    privilegesCriteria1.ResultType = ResultType.Details;
                    FunctionPrivilegesCriteria privilegesCriteria2 = privilegesCriteria1;
                    Identifier identifier1;
                    if (principalName == null)
                        identifier1 = (Identifier)null;
                    else
                        identifier1 = new Identifier()
                        {
                            Name = principalName
                        };
                    privilegesCriteria2.PrincipalId = identifier1;
                    FunctionPrivilegesCriteria privilegesCriteria3 = privilegesCriteria1;
                    privilegesGetCriteria1.FunctionPrivilegesCriteria = privilegesCriteria3;
                    SecurityPrivilegesGetCriteria privilegesGetCriteria2 = Criteria;
                    HierarchyMemberPrivilegesCriteria privilegesCriteria4 = new HierarchyMemberPrivilegesCriteria();
                    privilegesCriteria4.ModelId = modelIdentifier != null ? modelIdentifier as Identifier : (Identifier)null;
                    privilegesCriteria4.ResultType = ResultType.Details;
                    HierarchyMemberPrivilegesCriteria privilegesCriteria5 = privilegesCriteria4;
                    Identifier identifier2;
                    if (principalName == null)
                        identifier2 = (Identifier)null;
                    else
                        identifier2 = new Identifier()
                        {
                            Name = principalName
                        };
                    privilegesCriteria5.PrincipalId = identifier2;
                    HierarchyMemberPrivilegesCriteria privilegesCriteria6 = privilegesCriteria4;
                    privilegesGetCriteria2.HierarchyMemberPrivilegesCriteria = privilegesCriteria6;
                    SecurityPrivilegesGetCriteria privilegesGetCriteria3 = Criteria;
                    ModelPrivilegesCriteria privilegesCriteria7 = new ModelPrivilegesCriteria();
                    privilegesCriteria7.ModelId = modelIdentifier != null ? modelIdentifier as Identifier : (Identifier)null;
                    privilegesCriteria7.ResultType = ResultType.Details;
                    ModelPrivilegesCriteria privilegesCriteria8 = privilegesCriteria7;
                    Identifier identifier3;
                    if (principalName == null)
                        identifier3 = (Identifier)null;
                    else
                        identifier3 = new Identifier()
                        {
                            Name = principalName
                        };
                    privilegesCriteria8.PrincipalId = identifier3;
                    ModelPrivilegesCriteria privilegesCriteria9 = privilegesCriteria7;
                    privilegesGetCriteria3.ModelPrivilegesCriteria = privilegesCriteria9;
                    SecurityPrivileges Privileges;
                    using (ServiceClient serviceClient = new ServiceClientWrapper().CreateServiceClient())
                    {
                        OperationResult operationResult = serviceClient.SecurityPrivilegesGet(new International(), Criteria, out Privileges);
                        if (operationResult.Errors.Count > 0)
                            throw new Exception("Error on SecurityPrivilegesGet: " + operationResult.Errors[0].Description);
                    }
                    Tools.SerializeSecurityXml(folderName, privilegesFileName, (object)Privileges);
                }
                catch (Exception)
                {
                    throw; // rethrow without resetting the stack trace
                }
            }

    you can find the FULL (and free) source code included in my new (BETA) release of MDSManager 

    http://mdsmanager.codeplex.com/releases/view/102239


    Regards,


    Xavier Averbouch
    Microsoft Community Contributor
    SOAT
    If a post answers your question, please click "Mark As Answer" on that post and "Vote as Helpful".


    Thursday, February 21, 2013 5:26 AM
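
Added example (not part of the original answer and not MDSManager code): a console check that compares the three export files named above between a source-controlled baseline folder and a fresh export taken from the target environment after import, so missing or changed permissions show up as a diff. It assumes nothing about the XML schema except that elements named `Id` and `InternalId` hold environment-specific identifiers and can be ignored; that element list and the class name `SecurityExportDiff` are assumptions to adjust against a real export.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Xml.Linq;

static class SecurityExportDiff
{
    // File names used by the export code in the answer above.
    static readonly string[] Files = { "UserPrincipals.xml", "GroupPrincipals.xml", "Privileges.xml" };

    // Assumption: these element names carry GUIDs / internal ids that differ per environment.
    static readonly HashSet<string> Ignored =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "Id", "InternalId" };

    static bool Keep(XElement e) { return !Ignored.Contains(e.Name.LocalName); }

    // Order-independent canonical form: element names and text only, attributes dropped.
    static string Canon(XElement e)
    {
        var kids = e.Elements().Where(Keep).Select(Canon)
                    .OrderBy(s => s, StringComparer.Ordinal).ToList();
        string body = kids.Count > 0 ? string.Concat(kids) : (e.HasElements ? "" : e.Value.Trim());
        return "<" + e.Name.LocalName + ">" + body + "</" + e.Name.LocalName + ">";
    }

    // Walks down to the smallest differing subtree and records it in the report.
    static void Diff(XElement a, XElement b, string path, List<string> report)
    {
        if (Canon(a) == Canon(b)) return;
        var onlyA = a.Elements().Where(Keep).ToList();
        var onlyB = b.Elements().Where(Keep).ToList();
        if (onlyA.Count == 0 && onlyB.Count == 0)
        {
            report.Add(path + ": '" + a.Value.Trim() + "' != '" + b.Value.Trim() + "'");
            return;
        }
        // Cancel out children that have an identical counterpart on the other side.
        foreach (var x in onlyA.ToList())
        {
            string cx = Canon(x);
            var match = onlyB.FirstOrDefault(y => Canon(y) == cx);
            if (match != null) { onlyA.Remove(x); onlyB.Remove(match); }
        }
        if (onlyA.Count == 1 && onlyB.Count == 1 && onlyA[0].Name.LocalName == onlyB[0].Name.LocalName)
        {
            Diff(onlyA[0], onlyB[0], path + "/" + onlyA[0].Name.LocalName, report);
            return;
        }
        report.AddRange(onlyA.Select(x => "- " + path + ": " + Canon(x))); // baseline only
        report.AddRange(onlyB.Select(y => "+ " + path + ": " + Canon(y))); // target only
    }

    static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: SecurityExportDiff <baselineFolder> <targetFolder>");
            return 2;
        }
        var report = new List<string>();
        foreach (string file in Files)
        {
            string left = Path.Combine(args[0], file), right = Path.Combine(args[1], file);
            if (!File.Exists(left) || !File.Exists(right))
            {
                report.Add(file + ": missing in one folder");
                continue;
            }
            Diff(XDocument.Load(left).Root, XDocument.Load(right).Root, file, report);
        }
        report.ForEach(Console.WriteLine);
        return report.Count == 0 ? 0 : 1; // non-zero exit lets a deployment job fail on drift
    }
}
```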

All replies

  • Thank you for the detailed response; this is exactly what we are looking to do. Many thanks again, James
    Tuesday, February 26, 2013 7:38 AM
  • Hi Xavier,

    I want to get the privileges for an entity for a specific user. I've tried to get the privileges with the following code, but it returns an empty record and does not report any error. Could you please provide the code for it?

    SecurityPrivilegesGetCriteria cri = new SecurityPrivilegesGetCriteria();
    ModelPrivilegesCriteria mcri = new ModelPrivilegesCriteria();
    mcri.ModelId = new Identifier { Name = "ModelName" };

    mcri.PrincipalType = PrincipalType.UserAccount;
    mcri.ResultType = ResultType.Identifiers;
    mcri.ObjectId = new Identifier { Name = "EntityName" };
    cri.ModelPrivilegesCriteria = mcri;
    SecurityPrivilegesGetRequest PreReq = new SecurityPrivilegesGetRequest(new International(), cri);
    SecurityPrivilegesGetResponse PreResp = serviceClient.SecurityPrivilegesGet(PreReq);

    Thanks & Regards,


    Bala.R

    Monday, May 27, 2013 12:12 PM
  • I'm not sure, but I believe you need to inform the PrincipalId (for example, User.Identifier).

    Criteria.ModelPrivilegesCriteria = new ModelPrivilegesCriteria { ModelId = modelIdentifier, PrincipalType = type, PrincipalId = principalId };


    Half Scheidl

    Monday, May 27, 2013 1:07 PM
  • And by the way, the code sent by Xavier is part of the MDS Manager tool he developed and I'm contributing at the moment. I'm working on the privileges feature, feel free to give your ideas and comments to http://mdsmanager.codeplex.com/

    Half Scheidl

    Monday, June 3, 2013 7:40 AM