cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Learn all about PTC Community Badges. Engage with PTC and see how many you can earn! X

How to check if user has access to source project(s) in Integrity?

jerazo
7-Bedrock

How to check if user has access to source project(s) in Integrity?

I basically need to use an admin account to check if a user has access to projects by running a script.

Project access has been set through ACLs, but user's have been added to groups, and those groups added to the ACLs, so the viewacls command doesn't give me information for a specific user.

ACCEPTED SOLUTION

Accepted Solutions

Hello Juan,

Depending on your use case, there may be an alternative command. The "evaluateacl" diag can determine whether a permission is granted or denied:

im diag --diag=evaluateacl <Principal Name> <ACL Name> <Permission Name>

im diag --diag=evaluateacl joe si:project:id:Project1:SubA OpenProject

Output looks like below:

Result: DENIED. ACL used: null

Generally speaking, users only need OpenProject and FetchRevision permissions to see a Source project so you could use that diag to check for permissions. Note: The Principal Name flag can use user names or group names.

EDIT: Running diag commands requires the Admin or AdminServer permission so it is not much different from having to use your previous scripts via an admin account. This diag may be quicker to check if the use case is simple, however.

View solution in original post

2 REPLIES 2

Hello Juan,

Depending on your use case, there may be an alternative command. The "evaluateacl" diag can determine whether a permission is granted or denied:

im diag --diag=evaluateacl <Principal Name> <ACL Name> <Permission Name>

im diag --diag=evaluateacl joe si:project:id:Project1:SubA OpenProject

Output looks like below:

Result: DENIED. ACL used: null

Generally speaking, users only need OpenProject and FetchRevision permissions to see a Source project so you could use that diag to check for permissions. Note: The Principal Name flag can use user names or group names.

EDIT: Running diag commands requires the Admin or AdminServer permission so it is not much different from having to use your previous scripts via an admin account. This diag may be quicker to check if the use case is simple, however.

Hello Juan,

Did Joe's answer answer your questions? If so, could you mark it with Correct Answer (at the bottom of the reply), or at least mark it as Helpful (at the bottom of the reply, choose Actions --> Mark as Helpful).

Doing this lets people who are later searching for a resolution to this issue see what information provided to answer your question was useful, and it lets the answerer know that the information they provided was helpful, so that it encourages them to keep answering.

Thanks,

Kael


Kind Regards,
Kael Lizak

Senior Technical Support Engineer
PTC Integrity Lifecycle Manager
Announcements


Top Tags