KBEC-00283 - How to list acl of a project using script?

Summary

We have acl groups and projects. How do we generate list of acl related to a project in the following format (similar to Access Control UI under section Privileges for Project), 1 as allow, 0 inherit, etc.

For example,

Type          Name         Read modify Execute Change Permissions 
group     group1              1       0         1          0 
group     group2              1       1         1          1 
group     group3              1       0         0          0 
project   Preflight Builds   1       1         1          1

Solution

Flow API "getAccess" will retrieves ACL information (access control list) associated with an object, including inherited ACLs.

Retrieves ACL information (access control list) associated with an object, including inherited ACLs.

You must specify object locators to find the object where you need to verify access.
ArgumentsDescriptions| applicationName | The name of the application container of the property sheet which owns the property; must be unique among all projects. |

applicationTierName The name of the application tier container of the property sheet which owns the property.
artifactName The name of the credential container of the property sheet which owns the property.The name of the artifact.
artifactVersionName The name of the artifact version.
Note: An artifact version name is interpreted by the server as the artifactVersionName attribute for theartifactVersion in question. This name is parsed and interpreted as"groupId:artifactKey:version"  and the object is searched either way you specify its name--the Flow server interprets either name form correctly.
componentName The name of the component container of the property sheet which owns the property.
configName The name of the emailConfig container that owns the property.
credentialName The name of the credential container of the property sheet which owns the property.credentialName can be one of two forms:
relative
(for example, "cred1") - the credential is assumed to be in the project that contains the request target object.
absolute
(for example, "/projects/BuildProject/credentials/cred1") - the credential can be from any specified project, regardless of the target object's project.
emulateRestoreInheritance Whether or not to include one level of broken inheritance if it exists. Used for seeing what access would look like if the lowest level of broken inheritance was restored.
<Boolean flag - 0|1|true|false>  If set to 1, this argument returns ACL information to what it would be if inheritance were restored on this object.
environmentName The name of the environment container of the property sheet which owns the property; must be unique among all projects.
environmentTierName The name of the environment tier container of the property sheet which owns the property.
gatewayName The name of the gateway container of the property sheet.
groupName The name of the group container of the property sheet that owns the property.
jobId The unique Flow-generated identifier (a UUID) for a job, assigned automatically when the job is created. Also accepts a job name assigned to the job by its name template.
jobStepId The unique identifier for a job step, assigned automatically when the job step is created.
notifierName The name of the email notifier that contains the ACL.
objectId This is an object identifier returned by findObjects and getObjects.
path Property path string.
pluginName The name of the plugin that contains the ACL.
procedureName The name of the procedure containing the ACL.
*Also requires *projectName
processName The name of the process, if the container is a process or process step.
processStepName The name of the process step, if the container is a process step.
projectName The name of the project that contains the ACL; must be unique among all projects.
propertySheetId The unique identifier for a property sheet, assigned automatically when the property sheet is created.
repositoryName The name of the repository for artifact management.
resourceName The name of the resource that contains the ACL.
resourcePoolName The name of a pool containing one or more resources.
scheduleName The name of the schedule containing the ACL.
*Also requires *projectName
stateDefinitionName The name of the state definition.
stateName The name of the state.
stepName The name of the step containing the ACL.
*Also requires *projectName and procedureName
systemObjectName System objects include:
admin|artifactVersions|directory|emailConfigs|log|plugins|
server|session|workspaces
transitionDefinitionName The name of the transition definition.
transitionName The name of the transition.
userName The name of the user that contains the ACL.
workflowDefinitionName The name of the workflow definition.
workflowName The name of the workflow.
workspaceName The name of the workspace that contains the ACL.
zoneName The name of the zone.
Positional arguments

Arguments to specify the object, beginning with the top-level object locator.

Response

One or more object elements, each consisting of one or more aclEntry elements. Each object represents
an object in the ACL inheritance chain starting with the most specific object. Each aclEntry identifies a user or
group and the privileges granted or denied by the entry, and includes a breakInheritance element if applicable.

and you should parse the return values to any format you'd like to generate.

Examples

$cmdr->getAccess(

{projectName => "Sample Project"}

);

or

ectool getAccess --projectName "Sample Project"

See Also

Add links to other pages here.

Applies to

  • Product versions: 4.2.x, 5.x, 6.x
  • OS versions: All
Have more questions? Submit a request

Comments

Powered by Zendesk