Question

How do I retrieve the feature rights/privileges/etc. for Windows Trustees?

asked on May 20, 2015

Hello everyone!

 

I'm rewriting a utility I had for Version 7 in Version 9 code.  (Using VB and LFSO, mostly because I want to re-use some of the code I wrote last time, if possible.)

 

This tool walks through a repository and depending on the user selection it outputs various security items.  For example, you can use it to list all the users of the repository with their privileges.  Or, have it crawl through all entries and report back each of the Entry Rights.  I found this great for documentation, troubleshooting, and sending to my users to verify their security.

 

Well, while rewriting for V9 I'm hitting a bit of a snag dealing with Windows trustees.  I can get them and list them, i.e.

            Dim TrustedAccounts As LFGrantedDomainAccountCollection = _
            db.TrustedDomainAccounts
            For i As Integer = 1 To TrustedAccounts.Count
                Console.WriteLine(TrustedAccounts.Item(i))
            Next

But... .Item() only gives a string of the Windows account name.

For the LF accounts I can look at LFUser.FeatureRight() to see if that account has a specific right, for example, but I don't see the equivalent for Windows Trustees.

So...  Is there a way to get the rights, etc. for a Windows Trustee?

 

Thanks in advance

0 0

Answer

SELECTED ANSWER
replied on May 21, 2015

I was able to use the following in C# to see if the specified Windows username on the domain had the Export feature right. It spit back a Boolean true.

*I censored the domain and user name

TrusteeInfo TI = Trustee.GetInfo(new AccountReference("domain\\username", mySess), mySess);
Console.Write("Does domain\\username have Export Right? " + TI.HasAnyFeatureRights(FeatureRights.Export).ToString());

 

Is this what you are looking for?

2 0
replied on May 23, 2015

Thanks Carl!

With your help and the help of a programmer whiz at my VAR I worked it out.

db.GetTrusteeByNameI() and db.GetTrusteeBySID() can be used to reference the account from the name returned by TrustedAccount.Item().

 

0 0

Replies

replied on May 21, 2015

Surely there is some coding genius out there who knows this answer?  : )

0 0
replied on May 21, 2015

I think it's Trustee.FeatureRights.

 

Here's a snippet from the SDK help file: Tutorial: Security -> Permissions -> Feature Rights and Privileges.

Feature Rights and Privileges

Feature rights and privileges are assigned directly to a trustee object, and take a Boolean value directly rather than the Allow and Deny properties of access rights.

Similarly, in RepositoryAccess, feature rights and privileges are assigned directly to a TrusteeInfo object.

The following examples demonstrate how to assign feature rights and privileges to a user. It requires that a user named "My User" exist in the repository. The LFSO examples also assume that a connection to the Laserfiche repository "DB" has already been established. The RA examples assume that a "mySess" session object has already been created.

Important: The Laserfiche Server does not enforce feature rights. Client applications must check for feature rights and manually prevent operations as needed. In LFSO, you can use the ILFConnection interface's get_HasFeatureRight() method or HasFeatureRight property to check whether the session has the specified feature right. Similarly, in RepositoryAccess, the Session class contains a HasAllFeatureRights method and a HasAnyFeatureRights method that you can use to check whether the session has a specified feature right. The Session class also has a FeatureRights property that returns the effective feature rights for the session.

 

RA [Visual Basic]

Dim TI As TrusteeInfo = Trustee.GetInfo(New AccountReference("New User", mySess), mySess)
' Grants the "Manage Trustees" and "Manage Volumes" privileges.
TI.Privileges = Privileges.Trustee Or Privileges.Volume
' Grants the "Edit Text" and "Export" feature rights.
TI.FeatureRights = FeatureRights.Edit Or FeatureRights.Export
TI.Save()

 

 

Hopefully this helps out.
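
Putting the replies above together, as an added example that is not part of the original thread or of the Laserfiche SDK documentation: a C# routine that takes the Windows account names and prints each trustee's privileges and feature rights for an audit report. It uses only the RepositoryAccess calls quoted in this thread; the `Laserfiche.RepositoryAccess` namespace, the class name `TrusteeRightsReport` and the already logged-in `mySess` session are assumptions.

```csharp
using System;
using System.Collections.Generic;
using Laserfiche.RepositoryAccess; // assumed namespace for the RA types named in this thread

static class TrusteeRightsReport // hypothetical helper, not an SDK class
{
    // Only Edit and Export appear in this thread; extend the array with the
    // other FeatureRights members your SDK version defines.
    static readonly FeatureRights[] RightsToCheck = { FeatureRights.Edit, FeatureRights.Export };

    // accountNames: "DOMAIN\user" strings, such as those listed from TrustedDomainAccounts.
    // mySess: an existing, logged-in Session (creation is not shown on this page).
    public static void Write(IEnumerable<string> accountNames, Session mySess)
    {
        foreach (string name in accountNames)
        {
            TrusteeInfo ti;
            try
            {
                ti = Trustee.GetInfo(new AccountReference(name, mySess), mySess);
            }
            catch (Exception ex)
            {
                // A stale or renamed Windows account should not abort the whole report.
                Console.WriteLine("{0}: lookup failed ({1})", name, ex.Message);
                continue;
            }

            Console.WriteLine(name);
            Console.WriteLine("  Privileges:     {0}", ti.Privileges);
            Console.WriteLine("  Feature rights: {0}", ti.FeatureRights);
            foreach (FeatureRights right in RightsToCheck)
            {
                string state = ti.HasAnyFeatureRights(right) ? "granted" : "not granted";
                Console.WriteLine("    {0,-8} {1}", right, state);
            }
        }
    }
}
```

Because the server does not enforce feature rights (per the SDK note quoted above), this report shows what well-behaved client applications will honour, not a server-side control.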
