You are viewing limited content. For full access, please sign in.

Question

Question

SDK Save Document Minimum Access Rights, Feature Rights & Privileges

Updated April 3, 2014
asked on April 1, 2014 Show version history

We have used the Laserfiche SDK to develop a small application that saves documents to a Laserfiche repository.  The application uses the following classes:

 

  • Session
  • RepositoryRegistration
  • FolderInfo
  • DocumentInfo
  • FieldValueCollection
  • DocumentImporter

 

The application also uses the following functions:

 

  • Session.LogIn
  • Session.Close
  • Folder.GetRootFolder
  • FieldValueCollection.Add
  • FolderInfo.Create
  • DocumentInfo.Create
  • DocumentInfo.SetTemplate
  • DocumentInfo.SetFieldValues
  • DocumentInfo.Save
  • DocumentInfo.Dispose  
  • DocumentImporter.Document
  • DocumentImporter.ImportImages

 

Please can someone tell me why our application requires the application to have the Set Trustees Privilege in order to save a document to Laserfiche? Without the application user having this privilege our application fails to save documents in Laserfiche with a truncated error message of “Exception of type 'Laserfiche.RepositoryAccess.NoC”.

 

Many thanks, in anticipation.

 

With regards.

 

1 0

Replies

replied on April 1, 2014 Show version history

The minimum security settings to do what you want are:

  • Import Right EDIT: The Import Right is not necessary.
  • Bypass Folder Filter Expressions Privilege EDIT: This is not strictly required, but if you do not use Folder Filter Expressions in your repository, you should give it to the Everyone group.
  • Browse on your repository's root folder
  • Read on your repository's root folder
  • Create Documents on your repository's root folder
  • Create Folders on your repository's root folder

With these security settings, I am able to run the following sample code:

public static void Main(string[] argv)
{
    RepositoryRegistration reg = 
        new RepositoryRegistration("my-server", "my-repo");
    using (Session session = Session.Create(reg, "user", "pass"))
    {
        FolderInfo root = Folder.GetRootFolder(session);
        FolderInfo child = new FolderInfo(session);
        child.Create(root, "test", EntryNameOption.None);

        DocumentInfo doc = new DocumentInfo(session);
        doc.Create(child, "testdoc", EntryNameOption.None);
        doc.SetTemplate("General");
        FieldValueCollection fields = new FieldValueCollection();
        fields.Add("Type", "Test Field Value");
        doc.SetFieldValues(fields);
        DocumentImporter importer = new DocumentImporter();
        importer.Document = doc;
        importer.ImportImages(
            @"C:\users\matt.kelly\desktop\test.tif");
        doc.Save();
        doc.Dispose();
    }
}

This uses all of the classes and methods that you mention, so I assume that your application is doing something similar.

1 0
replied on April 3, 2014

I'm going to ask something completely out of left field here. Do the user accounts that the integration is running as have named user licenses allocated to them? A user with 'Set Trustee Privilege' has a special 1 session administrative login (in order to be able to do things like set named user allocations in the first place before they are setup). If you don't have a named user account (or have, say, a retrieval account), it may be that the reason it's working with Set Trustee Privileges present is not a security one specifically, but due to this licensing handling. Alternatively, the same could apply if the user you are using is explicitly flagged as read-only.

1 0
replied on April 1, 2014 Show version history

I tried the configuration you suggested, but our application failed to save a document in Laserfiche without the Set Trustees Privilege privilege.

 

We can successfully save a document in Laserfiche with JUST the following configuration:

 

Create Documents on the repository root folder
Create Folders on the repository root folder
Set Trustees Privilege

 

Everyone has Browse and Read access to the repository root folder

 

I still don't see why our application needs the Set Trustees Privilege privilege

0 0
replied on April 1, 2014 Show version history

I don't think I can figure out why you need the Set Trustee privilege without seeing source code. Are you certain you aren't trying to set any user security? None of the classes or methods you listed should require that privilege.

 

The code I posted above works fine without Set Trustees on the user. Just Create Documents, Create Folders, Browse, and Read. You are correct that the Import Right is not needed.

 

It would be useful if you could at least give details on the error you get when you don't have the Set Trustee privilige.

1 0
replied on April 2, 2014

The key extracts of the code of our application are as follows:

 

Session GlobalSession = new Session();
RepositoryRegistration repository = new RepositoryRegistration(serverName, repoName);
GlobalSession.LogIn(username, password, repository);
FolderInfo LFRoot = Folder.GetRootFolder(GlobalSession);
DocumentInfo DocInfo = new DocumentInfo(GlobalSession);
FieldValueCollection DocFieldCol = new FieldValueCollection();
#region Populate the Laserfiche Variable with the DocFields Class values
DocFieldCol.Add("ReservationNo", GridItem.ReservationNo);
#endregion
FolderInfo DocFolder = new FolderInfo(GlobalSession);
DocFolder.Create(LFRoot, GridItem.ReservationNo, EntryNameOption.AutoRename);
DocInfo.Create(DocFolder, GridItem.ReservationNo, EntryNameOption.AutoRename);
DocInfo.SetTemplate("Registration");
DocInfo.SetFieldValues(DocFieldCol);
MemoryStream SourceImageFile = new MemoryStream();
GuestStationImage.Save(SourceImageFile, System.Drawing.Imaging.ImageFormat.Tiff);
DocumentImporter DocImporter = new DocumentImporter();
DocImporter.Document = DocInfo;
DocImporter.ImportImages(SourceImageFile);
DocInfo.Save();
DocInfo.Dispose();

 

From what I can see there is very little difference between our code and your code, with the exception perhaps that our code logs into the Laserfiche repository, whereas your code creates a session.

 

Maybe the above information will help us move to a position where our application user does not need the Set Trustee Privileges privilege?

 

Many thanks.

0 0
replied on April 2, 2014

Hi John,

 

A few questions:

  1. What version of the SDK and Server are you using?
  2. What source line is throwing the Exception?
  3. When do you call Session.LogOut?
  4. If you catch the Exception in a try-catch, can you get its complete details (type, message, error code, stack trace)?

 

Our code is indeed nearly identical - and internally Session.Create does exactly what you are doing here, so that is not the issue. You should double check the user's rights on the Volume and the relevant Template and fields as well. On the Volume the user needs Read, Add files, and Create documents. On the template the user needs Read and on each field they need Read, Create, and Edit.

0 0
replied on April 3, 2014

Everyone has Read, Add files, and Create documents rights to the only volume in the repository.

 

Everyone has Read rights to the Template.

 

Everyone has Read, Create and Edit rights to all fields within the repository.

 

Our application still needs the Set Trustee Privilege to store a document within Laserfiche.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...