How to determine what users have access rights to a particular item

May 21, 2009 at 8:53 PM

First, thanks for the prompt response to my previous question regarding cache coherency...did the job for me.

My question this time is more API focused.  Reading over the examples and browsing the API description I fully get how to query if a specific user has access rights to a specific item but am a bit unclear on how to determine who (all users) has access to a particular item.  Stated differently, instead of posing a question and getting a boolean response I need to effectively perform an ad hoc query and get a result set w/ multiple rows.

I saw that there are a couple of member functions associated w/ IAzManItem (GetMembers and GetAuthorization) that look promising; am I on the right track?

Best,

Dave

Coordinator
May 21, 2009 at 8:57 PM
What is the "real-world" reason you want to know all users authorized on a given item?
Could a report be enough?
Regards,
Andrea.

May 22, 2009 at 12:44 PM

The real-world scenario is as follows...A user may be entitled to modify a data item and this will be checked when the user attempts to modify; however, once modified, multiple users may be entitled to view changes (think pub-sub).  Therefore on the return of the update we want to determine who has access to view the item so that we can send updates accordingly.

Hope this makes sense.

Dave

May 22, 2009 at 12:45 PM

Should I infer that what I want to do is not possible via IAzManItem.GetMembers()?

Coordinator
May 22, 2009 at 12:58 PM

IAzManItem.GetMembers() returns the other items that are members ... not the users!

__________________________________
Andrea Ferendeles
NetSqlAzMan - Project Coordinator

http://netsqlazman.codeplex.com

May 22, 2009 at 1:01 PM

Thanks for clarifying the semantics of GetMembers....still, is there some built-in method for doing what I'm looking for?

Best,

Dave

Coordinator
May 22, 2009 at 1:06 PM

You could create an Application Group containing all potential users.

Then ... to find out who has access to a report (at run-time) ... get the users who are members of this application group ... and for each user call CheckAccess (on the report operation).

__________________________________
Andrea Ferendeles
NetSqlAzMan - Project Coordinator

http://netsqlazman.codeplex.com

May 26, 2009 at 5:47 PM

Thanks for the suggestion.  I will prototype, but I'm curious to know your thoughts on the expense of each check.  Let's assume the following:

- Application Group Size > 5000

- For any application, 10k - 50k tasks (each task may have 10-15 operations defined)

What I want to know is the run-time complexity of checking if a user is authorized to invoke a particular operation on a particular task.

Dave

Coordinator
May 27, 2009 at 6:55 AM
As you can see from the chart on the home page ...
Each CheckAccess done using the StorageCache class takes about 1 ms (1000 CheckAccess calls ... about 1034 ms).
If you are using the UserPermissionCache class ... it takes 34 ms per 1000 CheckAccess calls.
Also, if you perform all CheckAccess calls at application start and your application then caches the results ... everything is done one time only.
Regards,
Andrea.
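
The approach suggested in this thread (enumerate the members of an "all potential users" application group, call CheckAccess for each, cache the results) is sketched below as an added example; it is not code from the thread or from NetSqlAzMan. `ViewerIndex`, `getCandidates` and `checkAccess` are hypothetical names: the two delegates stand in for the library's group-member lookup and CheckAccess call, whose real signatures are not shown on this page, and the sample users and grants are constructed.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;

// Hypothetical helper: answers "who may view this operation?" by checking every candidate user.
public sealed class ViewerIndex
{
    private readonly Func<IReadOnlyCollection<string>> _getCandidates; // members of the "all potential users" group
    private readonly Func<string, string, bool> _checkAccess;          // (user, operation) -> allowed; stand-in for CheckAccess
    private readonly ConcurrentDictionary<string, IReadOnlyCollection<string>> _cache =
        new ConcurrentDictionary<string, IReadOnlyCollection<string>>(StringComparer.OrdinalIgnoreCase);

    public ViewerIndex(Func<IReadOnlyCollection<string>> getCandidates, Func<string, string, bool> checkAccess)
    {
        _getCandidates = getCandidates ?? throw new ArgumentNullException(nameof(getCandidates));
        _checkAccess = checkAccess ?? throw new ArgumentNullException(nameof(checkAccess));
    }

    // One access check per candidate on first use; later calls are served from the cache.
    public IReadOnlyCollection<string> GetViewers(string operation) =>
        _cache.GetOrAdd(operation, op =>
            _getCandidates().Where(user => _checkAccess(user, op)).ToArray());

    // Call after any change to roles, group membership or authorizations;
    // otherwise a user whose access was revoked keeps receiving updates.
    public void Invalidate(string operation) => _cache.TryRemove(operation, out _);
    public void InvalidateAll() => _cache.Clear();
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data standing in for the authorization store.
        var group = new List<string> { "alice", "bob", "carol" };
        var grants = new HashSet<(string, string)> { ("alice", "ViewReport"), ("carol", "ViewReport") };
        var index = new ViewerIndex(() => group, (user, op) => grants.Contains((user, op)));

        Console.WriteLine(string.Join(",", index.GetViewers("ViewReport"))); // first call runs the checks
        grants.Remove(("carol", "ViewReport"));                              // access revoked in the store
        Console.WriteLine(string.Join(",", index.GetViewers("ViewReport"))); // cached answer, now stale
        index.Invalidate("ViewReport");
        Console.WriteLine(string.Join(",", index.GetViewers("ViewReport"))); // recomputed after invalidation
    }
}
```

The second line of output still lists the revoked user, which is why a cached recipient list needs an invalidation hook tied to every authorization change before it is used to decide who receives data.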