Home
Extended ECM
API, SDK, REST and Web Services
Retrieving a list of users that have been assigned access rights to a particular Object
Reid_Kleinnman_(x-eu0015872_-_(deleted))
Hi, I am looking for a way to retrieve a list of users (or groups) that have been assigned access rights to a particular Livelink object given that object's ID. Looked at getObjInfo and other calls but couldn't figure out the steps I need to take. Has anyone done something like this in LAPI?
Find more posts tagged with
Comments
Greg_Lulchak_(greglulchak_-_(deleted))
Hi,You could use the GetObjectRights function.From the Livelink API Developer's Reference Guide:"This function returns a RecArray value object containing one Record of information for each user or group that has permissions on the specified object."Note that the firsts records in this array refers to User ID values of -1, -2, -3, and -4. This represent the object's owner, the owner's group, the public access rights, and the system's access rights.The access rights are stored in the Permissions field. This is a numeric field, but the permissions are stored as a bit mask. So they are not so easily interpreted by human eyes.You could use bit comparison operator, such as AND and OR to compare them with API constants such as PERM_DELETE, PERM_MODIFY, and so on.By the way, these permissions bit masks are stored in the DtreeACL table on your database.
Krishnankutty_Nair
If you are using the java lapi I enclose a richly commented sample.If it can be compiled it will print some debugging info.Hope it helps your cause
Greg_Lulchak_(greglulchak_-_(deleted))
The GetObjectRights functions gives me an array of records, each representing a record in the DTreeACL table.But I need to figure out the rights that a user has to access an object, even if there isn't a corresponding record in the DTreeACL table.I know this is related with permissions inheritance.So, is there an API function that returns the the permission set of any particular user or group on any given object?I haven't been able to find one. Though it ocurred to me something that might work:First of all, I have the object's ID and the user's ID.I use the GetObjectRights to find all users and groups in the ACL for that object.Then I need to find all the groups this user is a member of, directly and indirectly. I use the ListRights function for this.Now, I cross the results from the last two functions, to find if any of the groups has an ACL entry for the especified object.But the ACL of the object might include entries for more than one of the groups I found, so I take their permissions bit masks and add them up (using bitwise operator OR), as I understand that this is the way that livelinks inherits permissions.So finally I have a bit mask that represents the access rights that the user has on a particular object.Is this right? Am I missing anything?I?ll appreciate any comments and suggestions.
