
Question


How can I generate a report about User Groups, Member access and functionality?

asked on March 13, 2015


In Laserfiche V8.1, do you know if it is possible to generate a report that will show all the defined groups/roles in a given repository and all its user members, including what access and functionalities are available to them?

 

Without this report, we would have to open and expand through hundreds of groups to gather this information.

1 0

Replies

replied on March 13, 2015

It is completely possible but would take some effort.

 

All accounts, group mappings, and privileges and features are denoted in the SQL database.

 

Individual mappings are not always defined in documentation, but the overall schema is very easy to digest (*big kudos to the developers btw), so you can readily derive meaning with a little bit of thought.

 

After you map user accounts to user_id's, and user ids to groups, you will find that security is marked with a "mask" and will be your largest portion of effort.

 

By "mask" I mean a value is written with derived meaning, much like Linux permissions. chmod 777 gives a user all access to a file in Linux; a privs value of "503054063" in the SQL table [account_security] gives a Laserfiche user ALL privileges, and a uif value of "536885055" gives them ALL features as listed in the repository administration console. This masking will take some work of trial and error in understanding the values by referencing the translated meaning through the Administration console.

 

Entry access level permissions follow the same theory, and there is a separate tool which can "crawl" your repository to map these out to a CSV file. This is available on the support site as a free SDK solution but takes significant time to run, as it has to walk through each folder, check for permissions declared & inherited and write them to file.

 

Best of luck, I hope this can point you in a decent direction,

Carl

1 0
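The trial-and-error mapping described in the reply above, as an added example that is not part of the original thread and not Laserfiche code: it derives which bit means which right from pairs of (mask value read from the table, rights the Administration console shows), and leaves a bit unresolved when the observations cannot separate it. The `right_*` labels and bit positions in `OBSERVED` are constructed placeholders, not Laserfiche's real assignments; 959 is the mask value asked about later in this thread.

```python
def set_bits(mask: int) -> list[int]:
    """Positions of the bits set in mask, lowest first."""
    return [i for i in range(mask.bit_length()) if (mask >> i) & 1]


def infer_bit_names(observations: dict[int, set[str]]) -> dict[int, str]:
    """Derive bit position -> right name from (mask, rights shown) pairs.

    A bit is resolved only when exactly one right appears in every
    observation that has the bit set and in none that has it clear.
    """
    names: dict[int, str] = {}
    for bit in sorted({b for m in observations for b in set_bits(m)}):
        with_bit = [r for m, r in observations.items() if (m >> bit) & 1]
        without = [r for m, r in observations.items() if not (m >> bit) & 1]
        candidates = set.intersection(*with_bit) - set().union(*without)
        if len(candidates) == 1:
            names[bit] = candidates.pop()
    return names


def decode(mask: int, names: dict[int, str]) -> tuple[list[str], list[int]]:
    """Split a mask into named rights and bit positions still unmapped."""
    bits = set_bits(mask)
    return ([names[b] for b in bits if b in names],
            [b for b in bits if b not in names])


# Constructed observations: mask read from the table -> rights the
# Administration console showed for that account. The right_* labels and
# bit positions are placeholders, NOT Laserfiche's real assignments.
OBSERVED = {
    0b000001: {"right_A"},
    0b000011: {"right_A", "right_B"},
    0b000101: {"right_A", "right_C"},
    0b001100: {"right_C", "right_D"},
    0b110000: {"right_E", "right_F"},  # bits 4 and 5 never seen apart
}

if __name__ == "__main__":
    names = infer_bit_names(OBSERVED)
    print(names)                    # bits 4 and 5 stay unresolved
    print(decode(0b100101, names))  # named rights plus unmapped bit positions
    print(set_bits(959))            # bit positions set in the mask 959
```

Bits that never appear apart in the observations stay unmapped until an account or entry with only one of those rights is sampled.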
replied on October 24, 2017

Dear Team,

I have a similar question, but a different scenario. The [entryacl] table has a Mask field which is used for permissions like Browse, Read, Modify Content, etc. I would like to know how to get the permissions or rights for all folders in the repository by using SDK 9.1, which contains Repositoryaccess.dll.

Please help me out on this.

 

Thanks,

Venkata

0 0
replied on October 25, 2017

The EntryInfo class has a GetEffectiveRights() function that returns the rights that a trustee has on an entry, taking into account things like group membership and ACE inheritance.  There is also a BatchGetEffectiveRights function, for when you want to perform this operation on many trustees at once - which allows the server to reuse scope computations - but I think this was added more recently than 9.1.

Web Access 10.2 added reports to automate this process and return the results as either an Excel document or a printable format.

0 0
replied on October 26, 2017

Thank you Brain, your reply resolved my problem. But I got another issue: I downloaded SDK 9.0, which contains Repositoryaccess.dll in .NET 2.0 and 4.0 versions, but when I added it to my .NET 3.5 version with the DLL of the 2.0 version, it is throwing an error like "could not be resolved because it has an indirect dependency on the.NET Framework assembly "System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" which has a higher version "4.0.0.0" than the version "2.0.0.0" in the current target framework". Actually I am using the 3.5 version of .NET and the DLL of 2.0; however, it was throwing the error.

Could you please help me out?

 

Thanks,

Venkata

0 0
replied on October 27, 2017

I don't have 9.0 anywhere that I can test, but I don't have this problem with 9.1.  What comes before "could not be resolved" in the error, and what exactly did you do that triggered the error? (It sounds like it's from Visual Studio but I'm not sure).

In any event, this sounds like a different question than one about generating reports.

0 0
replied on October 24, 2017

I mean, how can I know that if the Mask value is 959 then the folder has access rights like browse, read, modifycontents, appenddata, rename, delete, seeannotations, annotate, seethroughredactions?

 

I am very confused by the Mask value.

 

Thanks 

Venkata 

0 0
replied on October 25, 2017

See the GetAclDisplayRights() function in the SDK documentation. It will display a list of all allowed rights.

Maybe you can describe the problem you're trying to solve a bit more? Why are you looking at the table to determine the rights on an entry and not in the Access Rights dialog in the Laserfiche Client or Web Access (which would translate the rights to their names)?

0 0