handpuppet - Thursday, May 26, 2016 1:26 PM:
Hello,
I am attempting to programmatically add a user into the Administrators group using C#. My goal for doing this is to place the user into the Administrators group, then execute an AML statement, and then revoke the user's administrative rights after the AML runs.
Any help would be very much appreciated.
zahar - Thursday, May 26, 2016 3:15 PM:
Just use following AML:
<AML>
<Item action="add" type="Member">
<source_id>
<Item action=get type="Identity">
<keyed_name>Adminisrators</keyed_name>
</Item>
</source_id>
<related_id>
<Item action=get type="Identity">
<keyed_name>{Some User Identity Name} </keyed_name>
</Item>
</related_id>
</Item>
</AML>
handpuppet - Thursday, May 26, 2016 3:23 PM:
Zahar - Thank you for your help! I will try this. I am not sure if this will work as I am trying to add a non-administrator user into the administrator Identity group, as I am logged on as the non-administrator user.
What I am having trouble with is executing an edit action on an ItemType. The non-administrator user does not have access to perform an edit. I have tried using the lines of code in C# to get an Admin user and set the identity permission but this is not working for me.
zahar - Thursday, May 26, 2016 3:30 PM:
If you are writing C# server side code you can use following trick:
Aras.Server.Security.Identity plmIdentity;
bool PermissionWasSet;
//asign ARAS PLM to current user
plmIdentity = Aras.Server.Security.Identity.GetByName("Aras PLM");
PermissionWasSet = Aras.Server.Security.Permissions.GrantIdentity(plmIdentity);
Aras.Server.Security.Permissions.RevokeIdentity(plmIdentity);
zahar - Friday, May 27, 2016 8:49 AM:
- In Aras method editor can you make sure that 'World" allowed to execute your method:
- Try using Aras PLM before you are trying your own user.
- Make sure that Permission "History" is set right:
handpuppet - Thursday, May 26, 2016 3:39 PM:
I have the exact code you have given already as I found it on this forum. It seems not to be granting the priviliges I need. I double checked that the user I was getting the permissions from where "Aras PLM" is in your above post did indeed have administrator rights. The only part of code I do not have that you have above is the "finally" code block after the try/catch block. Does the revoking of the Identity have to come in the finally {} block?
handpuppet - Friday, May 27, 2016 9:23 AM:
I tried setting the Identity.GetByName user to "Aras PLM". That threw the same exception. The method running is already set execution to World. I checked the permissions on the ItemType and they are correct with permission to do Get, Update, Delete for Administrators. I also checked the RelationshipType that is on the ItemType just to make sure permissions were correct there, and they are. I am frustrated with what the issue is. It would appear everything I have is correct
handpuppet - Friday, May 27, 2016 12:56 PM:
One thing to note, I had the C# method that is supposed to set permissions and run the AML query output the result of the WasPermissionSet variable, and it its true. So it seems that setting the credentials worked. But for some reason doing the applyAML() statement still throws an error
zahar - Thursday, May 26, 2016 3:45 PM:
No, it's not "a must".
I prefer to do this way because if for some reason your code has thrown an exception, finally block will be executed no matter what.
zahar - Saturday, May 28, 2016 3:59 PM:
Please use following code, this will attach CM identity to Administrators Idenity
Innovator inn = this.getInnovator();
Aras.Server.Security.Identity plmIdentity;
bool PermissionWasSet;
plmIdentity = Aras.Server.Security.Identity.GetByName("Administrators");
PermissionWasSet = Aras.Server.Security.Permissions.GrantIdentity(plmIdentity);
try {
string temp = "<AML>" +
" <Item action='add' type='Member'>" +
" <source_id>" +
" <Item action='get' type='Identity'>" +
" <keyed_name>Administrators</keyed_name>" +
" </Item>" +
" </source_id>" +
" <related_id>" +
" <Item action='get' type='Identity'>" +
" <keyed_name>CM</keyed_name>" +
" </Item>" +
" </related_id>" +
" </Item>" +
"</AML>";
Item tempItm = inn.applyAML(temp);
} finally {
Aras.Server.Security.Permissions.RevokeIdentity(plmIdentity);
}
return this;
stevestojanovski - Tuesday, June 7, 2016 10:06 PM:
Have you tried to use "'Administrators" for the call to GrantIdentity? What are you results when you try that?
As long as you always revoke the permissions in the finally block then I don't see why there is an issue with this if it actually works and you get the desired results.
handpuppet - Thursday, May 26, 2016 3:53 PM:
I have the exact code you are using. For some reason it does not seem to give normal users the rights they need to perform an edit on the ItemType. Could there be some other issue going on? Or should be code you provided be enough for a user to perform an edit on an ItemType?
zahar - Thursday, May 26, 2016 4:01 PM:
Please make sure that Aras PLM is allowed to update Identity itemtype
Can you post your code + exception details
handpuppet - Friday, May 27, 2016 8:14 AM:
Here is my code
Innovator inn = this.getInnovator();
string related = this.getProperty("relatedID", "");
string firstnumber = this.getProperty("number", "");
string firststatus = this.getProperty("status", "");
Aras.Server.Security.Identity plmIdentity;
bool PermissionWasSet;
//asign CM permissions to current user
plmIdentity = Aras.Server.Security.Identity.GetByName("Aras Admin");
PermissionWasSet = Aras.Server.Security.Permissions.GrantIdentity(plmIdentity);
CCO.Utilities.WriteDebug("PermissionsTest", "Reached. Permissions Set? " + PermissionWasSet.ToString());
string temp = "<AML>" +
"<Item type='Item1' action='edit' id='" + related + "'> " +
"<field1>" + firstnumber + "</field1>" +
"<field2>" + firststatus + "</field2>" +
"</Item></AML>";
CCO.Utilities.WriteDebug("PermissionsTest", "1");
try
{
Item tempItm = inn.applyAML(temp);
}
catch (Exception e)
{
CCO.Utilities.WriteDebug("PermissionsTest", "Exception encountered. Details:" + e.ToString());
}
CCO.Utilities.WriteDebug("PermissionsTest", "2");
if (PermissionWasSet) {
Aras.Server.Security.Permissions.RevokeIdentity(plmIdentity);
}
CCO.Utilities.WriteDebug("PermissionsTest", "Reached2");
return this;
handpuppet - Friday, May 27, 2016 8:35 AM:
One thing to note is that this exception occurs when this method runs under a normal user account. When run under an Admin account, the AML executes correctly with no exception thrown.
zahar - Friday, May 27, 2016 8:25 AM:
Your code is OK, except what is "Aras Admin"? Did you renamed "Aras PLM" Identity?
handpuppet - Friday, May 27, 2016 8:29 AM:
"Aras Admin" is a user I created in our system specifically for Administrative rights. Is this okay or should I be using the Aras PLM identity? I will post exception details now
handpuppet - Friday, May 27, 2016 8:33 AM:
Below is the exception details. As you can see, they are very generic
Exception encountered. Details:Aras.Server.Core.InnovatorServerException: Exception of type 'Aras.Server.Core.InnovatorServerException' was thrown.
at Aras.Server.Core.ApplyItemProxy.ExecuteServerEvent(XmlDocument itemDom, XmlDocument errorDom, String itemTypeId, String eventName, EventSpecificData eventType, Object eventData) in d:BuildsDaily5846RELS10-0InnovatorServersrcCoreApplyItem.vb:line 1048
at Aras.Server.Core.ApplyItemProxy.ExecuteServerEvent(XmlDocument itemDom, XmlDocument errorDom, String itemTypeId, String eventName) in d:BuildsDaily5846RELS10-0InnovatorServersrcCoreApplyItem.vb:line 1081
at Aras.Server.Core.LockUnlock.LockItem(XmlDocument itemDom, XmlDocument responseDom) in d:BuildsDaily5846RELS10-0InnovatorServersrcCoreLockUnlock.vb:line 94
at Aras.Server.Core.ApplyItemProxy.EditItem_Implementation(XmlDocument inDom, EditItemInstructions instructions, XmlDocument responseDom) in d:BuildsDaily5846RELS10-0InnovatorServersrcCoreApplyItem.vb:line 1412
at Aras.Server.Core.ApplyItemProxy.ApplyItem(XmlDocument& inDom, AddItemImplementationAdditionalInfo additionalItemInfo, XmlDocument& outDom) in d:BuildsDaily5846RELS10-0InnovatorServersrcCoreApplyItem.vb:line 280
at Aras.Server.Core.Utilities.ApplyAML(XmlDocument amlDom, XmlDocument passedResponseDom) in d:BuildsDaily5846RELS10-0InnovatorServersrcCoreutilities.vb:line 1801
at Aras.Server.Core.Utilities.ApplySoapAction(String soapAction, XmlDocument inDom, XmlDocument outDom, Boolean securityCheck) in d:BuildsDaily5846RELS10-0InnovatorServersrcCoreutilities.vb:line 2294
at Aras.Server.Core.IOMConnection.CallAction(String actionName, XmlDocument inDom, XmlDocument outDom) in d:BuildsDaily5846RELS10-0InnovatorServersrcCoreIOMConnection.vb:line 88
at Aras.IOM.Innovator.applyAML(String AML) in d:BuildsDaily5846RELS10-0InnovatorCompilableCodeIOMInnovator.common.cs:line 64
at PKG_6B51B138EA30D6C8E32CBBA225AFEC3D.ItemMethod.methodCode()