Getting a list of Security Groups and Accounts for a user through the API

I got an interesting question on one of my previous posts about how to access the list of Security Groups a user can write to through the API.  In first looking at it, I thought it would be straightforward and there would be a schema service for this.  The one the user tried, GET_SCHEMA_VIEW_FRAGMENT, does indeed return a list of Security Groups, but you can't differentiate between the ones the user can read and which ones they can write to.  I looked through the documentation and couldn't find anything related which might work.  I thought perhaps by running the CHECKIN_NEW_FORM service which renders the check-in page template might offer a resultset to use, but no luck there.

The solution comes from a service buried in the std_services.htm file called GET_USER_PERMISSIONS.  When you run this service as the user, it will return the list of Security Groups and Accounts along with the level of access for that entity (1=read, 3=write, 7=delete, 15=admin).  If you access the service through the URL and add the '&IsPageDebug=1', you can see the results as such:

Get User Permissions

Comments:

Hi Kyle,

Thanks for looking into my question and posting this great solution.
This does solve it for getting a list of security groups with write permission, but I would also like to get the same list but then for a custom metadata option list with security.
I think has to be possible, as the check in form does correctly fill the list with only values correspondig security groups I have write permission to.
I also created a SR for this...

Regards, Stijn

Posted by StijnR on October 30, 2011 at 09:54 PM CDT #

Hi Kyle,

Thanks for this one.

I am looking forward to find the way to check a user's permissions on a particular content/folder. Though your link helps, I also have Entity Security enabled.

Is there any Service or API that you know of, which can compute user's access to a file/folder. UCM itself performs this check, so there must be some method/Service/API for this!

Do you have any pointers on that?

Posted by Prateek Mohan on October 31, 2011 at 02:59 AM CDT #

Hey Stijn,

For that, I'm not sure if there is a service available through the API to get the list in that way. It may be just something available through Idoc Script in how the UCM interface builds those lists.

Thanks,
-Kyle

Posted by Kyle Hatlestad on November 01, 2011 at 06:26 AM CDT #

Hey Prateek,

I'm afraid I don't know of any service or function that can return the level of access on a particular entity. And the feature in which is in WebCenter Content that either denies access to a document or grants access is embedded within the application and not something that is called directly. But a custom component could be written to be given a folder or content ID and inspect its security and that of the user to determine the level of access. But nothing OOTB that I know of to do that.

Thanks,
-Kyle

Posted by guest on November 01, 2011 at 06:31 AM CDT #

I request the service thus :
http://ucm:16200/cs/idcplg?IdcService=GET_USER_PERMISSIONS&IsPageDebug=1

And I get back ....
Content Server Request Failed
Error Configuration error for request 'GET_USER_PERMISSIONS'. No dynamic HTML page

What am doing wrong ?

Posted by Mark Zawadzki on November 03, 2011 at 09:38 AM CDT #

What is the URL ?

Posted by Mark Zawadzki on November 04, 2011 at 04:54 AM CDT #

Yes, this service was meant to be called internally or through the API and not directly from the browser. And although you do get an error message because there isn't a display template for that data, the data is coming back from that service. If you look in the bottom right of the window, there should be a small tab that when you click on it, you can get the respond binder and see the result sets coming back. I talk about the IsPageDebug on this post: http://blogs.oracle.com/kyle/entry/page_debugging_easier_in_ucm_11g

Thanks,
-Kyle

Posted by Kyle Hatlestad on November 04, 2011 at 09:52 AM CDT #

Hi Kyle,
Thanks for the service, I using this through Reports in URM !

-Anix

Posted by guest on November 14, 2011 at 04:48 PM CST #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Kyle Hatlestad is a Solution Architect in the WebCenter Architecture group (A-Team) who works with WebCenter Content and other products in the WebCenter & Fusion Middleware portfolios. The WebCenter A-Team blog can be found at: https://blogs.oracle.com/ ateam_webcenter/

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today