cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - When posting, your subject should be specific and summarize your question. Here are some additional tips on asking a great question. X

How to check if user has access to source project(s) in Integrity?

Go to solution
jerazo
1-Newbie
1-Newbie
‎Mar 02, 2015 11:22 AM
‎Mar 02, 2015 11:22 AM

How to check if user has access to source project(s) in Integrity?

I basically need to use an admin account to check if a user has access to projects by running a script.

Project access has been set through ACLs, but user's have been added to groups, and those groups added to the ACLs, so the viewacls command doesn't give me information for a specific user.

0 Kudos
Notify Moderator
1 ACCEPTED SOLUTION

Accepted Solutions
JoeBartlett
21-Topaz I
21-Topaz I
(To:jerazo)
‎Mar 02, 2015 11:42 AM
‎Mar 02, 2015 11:42 AM

Hello Juan,

Depending on your use case, there may be an alternative command. The "evaluateacl" diag can determine whether a permission is granted or denied:

im diag --diag=evaluateacl <Principal Name> <ACL Name> <Permission Name>

im diag --diag=evaluateacl joe si:project:id:Project1:SubA OpenProject

Output looks like below:

Result: DENIED. ACL used: null

Generally speaking, users only need OpenProject and FetchRevision permissions to see a Source project so you could use that diag to check for permissions. Note: The Principal Name flag can use user names or group names.

EDIT: Running diag commands requires the Admin or AdminServer permission so it is not much different from having to use your previous scripts via an admin account. This diag may be quicker to check if the use case is simple, however.

View solution in original post

Notify Moderator
2 REPLIES 2
JoeBartlett
21-Topaz I
21-Topaz I
(To:jerazo)
‎Mar 02, 2015 11:42 AM
‎Mar 02, 2015 11:42 AM

Hello Juan,

Depending on your use case, there may be an alternative command. The "evaluateacl" diag can determine whether a permission is granted or denied:

im diag --diag=evaluateacl <Principal Name> <ACL Name> <Permission Name>

im diag --diag=evaluateacl joe si:project:id:Project1:SubA OpenProject

Output looks like below:

Result: DENIED. ACL used: null

Generally speaking, users only need OpenProject and FetchRevision permissions to see a Source project so you could use that diag to check for permissions. Note: The Principal Name flag can use user names or group names.

EDIT: Running diag commands requires the Admin or AdminServer permission so it is not much different from having to use your previous scripts via an admin account. This diag may be quicker to check if the use case is simple, however.

Notify Moderator
KaelLizak
14-Alexandrite
14-Alexandrite
(To:JoeBartlett)
‎Mar 09, 2015 01:05 PM
‎Mar 09, 2015 01:05 PM

Hello Juan,

Did Joe's answer answer your questions? If so, could you mark it with Correct Answer (at the bottom of the reply), or at least mark it as Helpful (at the bottom of the reply, choose Actions --> Mark as Helpful).

Doing this lets people who are later searching for a resolution to this issue see what information provided to answer your question was useful, and it lets the answerer know that the information they provided was helpful, so that it encourages them to keep answering.

Thanks,

Kael


Kind Regards,
Kael Lizak

Senior Technical Support Engineer
PTC Integrity Lifecycle Manager
0 Kudos
Notify Moderator
Top Tags