GetAuthorizationsOfMember usage

Sep 21, 2010 at 1:33 PM

Andrea here are the specs:

  • 3.6.0.7 NetSqlAzMan version
  • Management Console
  • XP Pro SP3 with C#
  • Platform (x86, 32 bit)
  • SQL Server version (2005)

From the Console Management GUI, I right click on the application to run "Check Access Test".  In the tree I see two operations with (CHECK ACCESS TEST ERROR). Below is the details text.  I've run the Check Access Test before and it ran fine. Do you know what is wrong and how to correct it? I only have one application a few roles, one nested role, no tasks and 5 operations.

Check Access Test on Role 'example user' ... Allow [46.8738 mls.]
Check Access Test on Operation 'example' ... Business Rule Error:Business Rule Error:Object reference not set to an instance of an object.
Item Name:example, Application Name: MyApp, Store Name: XYZSecurityStore
Item Name:example, Application Name: MyApp, Store Name: XYZSecurityStore [0 mls.]
Check Access Test on Operation 'view' ... Business Rule Error:Business Rule Error:Object reference not set to an instance of an object.
Item Name:example, Application Name: MyApp, Store Name: XYZSecurityStore

I'm also trying to get all authorizations with the following code but it always comes back empty for each item.  I'm thinking I should get some Authorization objects since they are defined in the Managment console. The line below in red returns an empty array even though there 5 Operations connected to the role and a store group that I'm in is authorized for these operations

Here's the code:

        public void PrintAuths() {
            KeyValuePair<string, object> attributes = new KeyValuePair<string, object>();

            IAzManStore store = _storage.GetStore("XYZSecurityStore");
            IAzManApplication application = store.GetApplication("MyApp");
            IAzManItem[] items = application.GetItems();

            NTAccount userNtAccount = new NTAccount("MyDomain", "MyId");
            SecurityIdentifier DelegatedUserSID = (SecurityIdentifier) userNtAccount.Translate(typeof (SecurityIdentifier));
            IAzManSid userAzManSid = new SqlAzManSID(DelegatedUserSID);

            foreach (var azManItem in items) {
                Debug.Print("Service1 item is " + azManItem);
                IAzManAuthorization[] auths = azManItem.GetAuthorizationsOfMember(userAzManSid); // This method returns auths[0]

                foreach (var azManAuth in auths) {
                    Debug.Print("Service1 auth is " + azManAuth);
                }
            }
        }

 If you need further details of the setup let me know.. TIA

 

 

 

 

 

 

 

 

Coordinator
Sep 21, 2010 at 2:10 PM

CheckAccessTest was unable to set context parameter values (used in your business roles) … so the biz rules fails !

A possible workaround is to modify your biz rules … by using some default values … if not provided !

GetAuthorizationsOfMember() method retrieve only explicit authorization on item from you are calling method.

Inherited authorizations are not returned.

Use instead a CheckAccess !


Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com