on ‎2022 Nov 28 3:55 PM
Hello SAP Team
I was able to connect and extract information using the .NET SDK from the enterprise system, but I need some examples of how to combine them, because I need to know what user or group is assigned to a report.
In the next picture you can see the folder structure and inside I can list all reports that are inside it.

In the next picture I show you the groups and users

But now I'm stuck trying to combine both pieces of information.
Please help
Thank you
There are a couple of options because security principals (users and groups) can be either explicitly assigned to an object or they can inherit rights to an object (effective rights).
I don't have C# code for this, but I have done this in Java. Here's the basic logic:
- For each InfoObject
  - Get the SecurityInfo2 collection
  - Get the ExplicitPrincipals from SecurityInfo2
  - For each ExplicitPrincipal
    - Determine whether the principal is a user group or a user
    - Get the Roles (these are the Access Levels assigned to the object/principal combo)
    - The roles will tell you whether the principal has access.
  - Get the EffectivePrincipals from SecurityInfo2
  - For each EffectivePrincipal
    - Determine whether the principal is a user group or a user
    - Get the Roles to determine whether the principal has access.

As you're doing this, be aware that you may have rights where access is explicitly denied, so just the fact that the principal is assigned to an object does not mean that the principal has access to that object.
Also, this doesn't take into account any "Advanced" individual rights that might have been assigned. To get to that information, you need to get the Rights collection for each type of principal and walk through that list.
Note: If your security is configured according to best practices, access will be assigned to groups only and there will be no Advanced rights. You need to verify how your security is configured.
-Dell
The challenge with sending you the code is that I use several support classes that we've developed that I can't send you the code for as they're copyrighted by my employer. The one this process uses is called "QueryHelper" and it's a wrapper around various calls to query data from the CMS database.
The code below is from a "baseObject" class that contains various information about an InfoObject, including its security, which is stored in an ArrayList of SecurityInfo objects. Also, it assumes that there is a HashMap of access level information with the structure <SI_ID, AccessLevel> where the AccessLevel object contains the name of the level and the rights that are included.
```java
protected void loadSecurity(final IInfoObject o, final HashMap<Integer, AccessLevel> accessLevels,
        final boolean doAdvanced, final boolean doEffective, final QueryHelper qh) throws SDKException {
    final ISecurityInfo2 si2 = o.getSecurityInfo2();
    final IExplicitPrincipals ieps = si2.getExplicitPrincipals();
    final Iterator<IExplicitPrincipal> expit = ieps.iterator();
    while (expit.hasNext()) {
        final IExplicitPrincipal iep = expit.next();
        if (iep != null) {
            final SecurityInfo si = new SecurityInfo(iep, accessLevels, doAdvanced, qh);
            hasAdvancedSec = hasAdvancedSec || si.hasAdvancedRights();
            security.add(si);
        }
    }
    if (doEffective) {
        final IEffectivePrincipals eps = si2.getEffectivePrincipals();
        final Iterator<IEffectivePrincipal> effit = eps.iterator();
        while (effit.hasNext()) {
            final IEffectivePrincipal ep = effit.next();
            if (ep != null) {
                final SecurityInfo si = new SecurityInfo(ep, accessLevels, doAdvanced, qh);
                hasAdvancedSec = hasAdvancedSec || si.hasAdvancedRights();
                security.add(si);
            }
        }
    }
}
```
Here's the code from SecurityInfo:
```java
import java.util.HashMap;
import java.util.Iterator;

import com.crystaldecisions.sdk.occa.infostore.IEffectivePrincipal;
import com.crystaldecisions.sdk.occa.infostore.IEffectiveRight;
import com.crystaldecisions.sdk.occa.infostore.IEffectiveRights;
import com.crystaldecisions.sdk.occa.infostore.IEffectiveRole;
import com.crystaldecisions.sdk.occa.infostore.IEffectiveRoles;
import com.crystaldecisions.sdk.occa.infostore.IExplicitPrincipal;
import com.crystaldecisions.sdk.occa.infostore.IExplicitRight;
import com.crystaldecisions.sdk.occa.infostore.IExplicitRights;
import com.crystaldecisions.sdk.occa.infostore.IExplicitRole;
import com.crystaldecisions.sdk.occa.infostore.IExplicitRoles;
import com.dft.boetools.QueryHelper;

public class SecurityInfo extends baseInfo {
    private boolean inheritGroups = false;
    private boolean inheritFolders = false;
    private final HashMap<Integer, RoleInfo> roles = new HashMap<Integer, RoleInfo>();
    private final RightsList advRights = new RightsList();
    private boolean isEffective = false;

    // Load Effective roles and rights
    @SuppressWarnings("unchecked")
    public SecurityInfo(final IEffectivePrincipal iep, final HashMap<Integer, AccessLevel> accessLevels,
            final boolean doAdvanced, final QueryHelper qh) {
        id = iep.getID();
        title = iep.getName();
        inheritGroups = iep.isInheritGroups();
        inheritFolders = iep.isInheritFolders();
        isEffective = true;
        kind = qh.getKind(id);
        // load the list of roles
        final IEffectiveRoles eRoles = iep.getRoles();
        IEffectiveRole eRole;
        final Iterator<IEffectiveRole> eit = eRoles.iterator();
        AccessLevel level;
        final RightsList roleRights = new RightsList();
        while (eit.hasNext()) {
            eRole = eit.next();
            if ((eRole != null) && !roles.containsKey(eRole.getID())) {
                roles.put(eRole.getID(), new RoleInfo(eRole));
                if (doAdvanced && accessLevels.containsKey(eRole.getID())) {
                    level = accessLevels.get(eRole.getID());
                    for (final AccessRight ar : level.getRights().list()) {
                        if (!roleRights.contains(ar.getApplication(), ar.getRightName())) {
                            roleRights.add(ar);
                        }
                    }
                }
            }
        }
        // if we have advanced rights, get them
        if (iep.isAdvanced()) {
            final IEffectiveRights eRights = iep.getRights();
            final Iterator<IEffectiveRight> rightIt = eRights.iterator();
            IEffectiveRight eRight;
            while (rightIt.hasNext()) {
                eRight = rightIt.next();
                if (!roleRights.contains(eRight.getApplicableKind(), eRight.getDescription(null))) {
                    if (advRights.contains(eRight.getApplicableKind(), eRight.getDescription(null))) {
                        advRights.get(eRight.getApplicableKind(), eRight.getDescription(null)).updateScope(eRight.getScope());
                    } else {
                        advRights.add(new AccessRight(eRight));
                    }
                }
            }
        }
    }

    // Load Explicit roles and rights
    @SuppressWarnings("unchecked")
    public SecurityInfo(final IExplicitPrincipal iep, final HashMap<Integer, AccessLevel> accessLevels,
            final boolean doAdvanced, final QueryHelper qh) {
        id = iep.getID();
        title = iep.getName();
        inheritGroups = iep.isInheritGroups();
        inheritFolders = iep.isInheritFolders();
        kind = qh.getKind(id);
        // get the list of access levels assigned and store their rights so that
        // we can check for advanced rights too.
        final IExplicitRoles eRoles = iep.getRoles();
        IExplicitRole eRole;
        AccessLevel level;
        final RightsList roleRights = new RightsList();
        final Iterator<IExplicitRole> eit = eRoles.iterator();
        while (eit.hasNext()) {
            eRole = eit.next();
            roles.put(eRole.getID(), new RoleInfo(eRole));
            if (doAdvanced && accessLevels.containsKey(eRole.getID())) {
                level = accessLevels.get(eRole.getID());
                for (final AccessRight ar : level.getRights().list()) {
                    roleRights.add(ar);
                }
            }
        }
        // now walk through the list of rights and add anything that's not
        // already in an assigned access level
        final IExplicitRights eRights = iep.getRights();
        final Iterator<IExplicitRight> rightIt = eRights.iterator();
        IExplicitRight eRight;
        while (rightIt.hasNext()) {
            eRight = rightIt.next();
            if (!roleRights.contains(eRight.getRightPluginKind(), eRight.getDescription(null))) {
                if (advRights.contains(eRight.getRightPluginKind(), eRight.getDescription(null))) {
                    advRights.get(eRight.getRightPluginKind(), eRight.getDescription(null))
                            .updateScope(eRight.getScope());
                } else {
                    advRights.add(new AccessRight(eRight));
                }
            }
        }
        if (advRights.size() > 0) {
            roles.put(0, new RoleInfo(0, "Advanced", false));
        } else if ((advRights.size() == 0) && (roles.size() == 0)) {
            roles.put(-1, new RoleInfo(-1, "No Access", false));
        }
    }

    public RightsList getAdvancedRights() {return advRights;}
    public boolean getInheritFolders() {return inheritFolders;}
    public boolean getInheritGroups() {return inheritGroups;}
    public HashMap<Integer, RoleInfo> getRoles() {return roles;}
    public boolean hasAdvancedRights() {return (advRights.size() > 0);}
    public boolean isEffectiveRights() {return isEffective;}
}
```
I hope this helps!
-Dell
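A stand-alone version of the explicit-assignment walk described in the two answers above, added here as an example; it is not code from either post or from SAP. It lists each object in one folder with its explicit principals, their kind, and the access levels assigned. The class name, the `describe` helper, the argument order, and the assumption that users, groups and access levels can all be resolved by SI_ID in CI_SYSTEMOBJECTS are assumptions of this example; `describe` stands in for the proprietary `QueryHelper.getKind` call.

```java
import java.util.Iterator;
import com.crystaldecisions.sdk.exception.SDKException;
import com.crystaldecisions.sdk.framework.CrystalEnterprise;
import com.crystaldecisions.sdk.framework.IEnterpriseSession;
import com.crystaldecisions.sdk.occa.infostore.IExplicitPrincipal;
import com.crystaldecisions.sdk.occa.infostore.IExplicitRole;
import com.crystaldecisions.sdk.occa.infostore.IInfoObject;
import com.crystaldecisions.sdk.occa.infostore.IInfoObjects;
import com.crystaldecisions.sdk.occa.infostore.IInfoStore;

public class ReportAssignments {
    // Assumption: users, groups and access levels are CI_SYSTEMOBJECTS rows,
    // so one lookup by SI_ID yields "Kind:Name" for a principal or a role.
    static String describe(IInfoStore store, int id) throws SDKException {
        IInfoObjects hit = store.query(
            "SELECT SI_KIND, SI_NAME FROM CI_SYSTEMOBJECTS WHERE SI_ID = " + id);
        if (hit.isEmpty()) return "Unknown:" + id;
        IInfoObject o = (IInfoObject) hit.get(0);
        return o.getKind() + ":" + o.getTitle();
    }

    // args (example convention): cms, user, password, folderId
    public static void main(String[] args) throws SDKException {
        IEnterpriseSession session = CrystalEnterprise.getSessionMgr()
            .logon(args[1], args[2], args[0], "secEnterprise");
        try {
            IInfoStore store = (IInfoStore) session.getService("InfoStore");
            int folderId = Integer.parseInt(args[3]); // numeric only, never raw text in the query
            IInfoObjects reports = store.query(
                "SELECT SI_ID, SI_NAME, SI_KIND FROM CI_INFOOBJECTS WHERE SI_PARENTID = " + folderId);
            for (Object r : reports) {
                IInfoObject report = (IInfoObject) r;
                Iterator<?> pit = report.getSecurityInfo2().getExplicitPrincipals().iterator();
                while (pit.hasNext()) {
                    IExplicitPrincipal p = (IExplicitPrincipal) pit.next();
                    StringBuilder levels = new StringBuilder();
                    Iterator<?> rit = p.getRoles().iterator();
                    while (rit.hasNext()) {
                        levels.append(describe(store, ((IExplicitRole) rit.next()).getID())).append(' ');
                    }
                    // A row means "assigned", not "granted": access can be explicitly denied.
                    System.out.println(report.getTitle() + " | " + describe(store, p.getID())
                        + " | " + levels.toString().trim());
                }
            }
        } finally {
            session.logoff();
        }
    }
}
```

A principal that prints with no access levels may still carry individual ("Advanced") rights; those are only visible by walking `getRights()` as the `SecurityInfo` class above does.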