Getting a list of Security Groups and Accounts for a user through the API

I got an interesting question on one of my previous posts about how to access the list of Security Groups a user can write to through the API.  In first looking at it, I thought it would be straightforward and there would be a schema service for this.  The one the user tried, GET_SCHEMA_VIEW_FRAGMENT, does indeed return a list of Security Groups, but you can't differentiate between the ones the user can read and which ones they can write to.  I looked through the documentation and couldn't find anything related which might work.  I thought perhaps by running the CHECKIN_NEW_FORM service which renders the check-in page template might offer a resultset to use, but no luck there.

The solution comes from a service buried in the std_services.htm file called GET_USER_PERMISSIONS.  When you run this service as the user, it will return the list of Security Groups and Accounts along with the level of access for that entity (1=read, 3=write, 7=delete, 15=admin).  If you access the service through the URL and add the '&IsPageDebug=1', you can see the results as such:

Get User Permissions


Hi Kyle,

Thanks for looking into my question and posting this great solution.
This does solve it for getting a list of security groups with write permission, but I would also like to get the same list but then for a custom metadata option list with security.
I think has to be possible, as the check in form does correctly fill the list with only values correspondig security groups I have write permission to.
I also created a SR for this...

Regards, Stijn

Posted by StijnR on October 30, 2011 at 09:54 PM CDT #

Hi Kyle,

Thanks for this one.

I am looking forward to find the way to check a user's permissions on a particular content/folder. Though your link helps, I also have Entity Security enabled.

Is there any Service or API that you know of, which can compute user's access to a file/folder. UCM itself performs this check, so there must be some method/Service/API for this!

Do you have any pointers on that?

Posted by Prateek Mohan on October 31, 2011 at 02:59 AM CDT #

Hey Stijn,

For that, I'm not sure if there is a service available through the API to get the list in that way. It may be just something available through Idoc Script in how the UCM interface builds those lists.


Posted by Kyle Hatlestad on November 01, 2011 at 06:26 AM CDT #

Hey Prateek,

I'm afraid I don't know of any service or function that can return the level of access on a particular entity. And the feature in which is in WebCenter Content that either denies access to a document or grants access is embedded within the application and not something that is called directly. But a custom component could be written to be given a folder or content ID and inspect its security and that of the user to determine the level of access. But nothing OOTB that I know of to do that.


Posted by guest on November 01, 2011 at 06:31 AM CDT #

I request the service thus :

And I get back ....
Content Server Request Failed
Error Configuration error for request 'GET_USER_PERMISSIONS'. No dynamic HTML page

What am doing wrong ?

Posted by Mark Zawadzki on November 03, 2011 at 09:38 AM CDT #

What is the URL ?

Posted by Mark Zawadzki on November 04, 2011 at 04:54 AM CDT #

Yes, this service was meant to be called internally or through the API and not directly from the browser. And although you do get an error message because there isn't a display template for that data, the data is coming back from that service. If you look in the bottom right of the window, there should be a small tab that when you click on it, you can get the respond binder and see the result sets coming back. I talk about the IsPageDebug on this post:


Posted by Kyle Hatlestad on November 04, 2011 at 09:52 AM CDT #

Hi Kyle,
Thanks for the service, I using this through Reports in URM !


Posted by guest on November 14, 2011 at 04:48 PM CST #

Post a Comment:
  • HTML Syntax: NOT allowed

Kyle Hatlestad is a Solution Architect in the WebCenter Architecture group (A-Team) who works with WebCenter Content and other products in the WebCenter & Fusion Middleware portfolios. The WebCenter A-Team blog can be found at: ateam_webcenter/


« February 2016