Community Tip - Did you get called away in the middle of writing a post? Don't worry you can find your unfinished post later in the Drafts section of your profile page. X
I basically need to use an admin account to check if a user has access to projects by running a script.
Project access has been set through ACLs, but user's have been added to groups, and those groups added to the ACLs, so the viewacls command doesn't give me information for a specific user.
Solved! Go to Solution.
Hello Juan,
Depending on your use case, there may be an alternative command. The "evaluateacl" diag can determine whether a permission is granted or denied:
im diag --diag=evaluateacl <Principal Name> <ACL Name> <Permission Name>
im diag --diag=evaluateacl joe si:project:id:Project1:SubA OpenProject
Output looks like below:
Result: DENIED. ACL used: null
Generally speaking, users only need OpenProject and FetchRevision permissions to see a Source project so you could use that diag to check for permissions. Note: The Principal Name flag can use user names or group names.
EDIT: Running diag commands requires the Admin or AdminServer permission so it is not much different from having to use your previous scripts via an admin account. This diag may be quicker to check if the use case is simple, however.
Hello Juan,
Depending on your use case, there may be an alternative command. The "evaluateacl" diag can determine whether a permission is granted or denied:
im diag --diag=evaluateacl <Principal Name> <ACL Name> <Permission Name>
im diag --diag=evaluateacl joe si:project:id:Project1:SubA OpenProject
Output looks like below:
Result: DENIED. ACL used: null
Generally speaking, users only need OpenProject and FetchRevision permissions to see a Source project so you could use that diag to check for permissions. Note: The Principal Name flag can use user names or group names.
EDIT: Running diag commands requires the Admin or AdminServer permission so it is not much different from having to use your previous scripts via an admin account. This diag may be quicker to check if the use case is simple, however.
Hello Juan,
Did Joe's answer answer your questions? If so, could you mark it with Correct Answer (at the bottom of the reply), or at least mark it as Helpful (at the bottom of the reply, choose Actions --> Mark as Helpful).
Doing this lets people who are later searching for a resolution to this issue see what information provided to answer your question was useful, and it lets the answerer know that the information they provided was helpful, so that it encourages them to keep answering.
Thanks,
Kael