DirectCheckAccess Parameters

Topics: NetSqlAzMan Core, SQL Database Schema
Nov 5, 2010 at 2:07 PM

Ciao Andrea,

Should DirectCheckAccess stored proc return an authorization type enumeration where Neutral=0, Allow=1, Deny=2, AllowWithDelegation=3?   I'm getting back Item Ids..

I'm calling your stored procedure netsqlazman_DirectCheckAccess. I downloaded the solution source and found the stored proc call from SqlAzManStorage.cs on line 583 (Version 3.6.0.8) has the RETRIEVEATTRIBUTES and the 9th IN parameter and AUTHORIZATION_TYPE as the 10th and last parameter which is IN/OUT.  From the same solution I checked the netsqlazman_sqlserver.sql implementation of the stored proc netsqlazman_DirectCheckAccess on line 2,996. This definition has the AUTHORIZATION_TYPE as the 9th parameter and RETRIEVEATTRIBUTES as the 10th. Not a big deal the code and stored proc code are not in synch, but when I call the stored proc I don't get back 0,1,2 or 3 (the authorization enumeration), I get back itemIds. This doesn't make sense with the code on line 583 which says it should get back an authorization type.  Any Ideas?

Tia, Steve

  • 3.6.0.7 NetSqlAzMan version
  • Management Console
  • XP Pro SP3
  • Platform (x86, 32 bit)
  • SQL Server version (2005)
Coordinator
Nov 5, 2010 at 2:33 PM

You are getting back the first resultset.

The Direct_CheckAccess sp retruns two result sets.

Try with dataReader.NextResult()


Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Nov 5, 2010 at 2:57 PM

Yes I have it in a while loop. When I get 2 values the second is also an item Id. For instance I have a role "User" (ItemId=21) and another role "Specific User" ItemId=27. "Specific User" is a subrole under User. That is in the ItemsHierachyTable ItemId=27 and MemberOfItemId=21.

When I call DirectCheckAccess with the store, appname, role name="User", opOnly=false, mySID, userGroupCount=0, validFor=Now, ldap="DC=xyz,DC=ourDomain,DC=edu", out auth parameter (not sending anything in),  retrieveattr =false

nextResult = 21

end of result set

If I call with "Specific User" the subrole I get..

nextResult = 21

nextResult = 27

end of result set

It sounds like the behavior should be 21, 1, 27, 1

First the itemId then the authorization enumeration.

 

Nov 5, 2010 at 4:38 PM

Further symptoms that might help. If I setup a "master role" that has "role" under it and role has "subrole" under it.

Master Role(id=50)  -> Role(id=51) -> SubRole(id=52) There are NO authorizations on any role.

I call DirectCheckAccess for SubRole the ResultSet I get back is 50,51,52 as the AuthorizationType out parameter.

When I authorization myself for the MasterRole and call the SP I get the same 50,51,52 when passing in SubRole

I get result set of 50 when passing in "MasterRole"

I get result set of 50,51 when passing in "Role"

I tried a few more scenarios and get the same results. DirectCheckAccess gives me back the ItemId Hierarchy of the Role I pass in.

Best regards,

Steve

 

Nov 5, 2010 at 8:16 PM

I solved the issue. Please disregard. I was processing the resultSet like a PreparedStatement and not a CallableStatement. Never the less a strange side effect.

Cheers

Coordinator
Nov 6, 2010 at 10:01 AM

lol