Determining Role Owners
Determining Role Owners
The effective permissions, as described in section Basics, in DSM 2014.1 are a triplet of a user object (or an external group object), a role and a given context. This section describes how to determine the user (or external group) and the context of a role.
Examples:
|
Hint: The execution of these examples requires a connected PowerShell drive. |
To determine the role owners and the context of the role 'Helpdesk User' we first retrieve the role object and then utilise the associations of the types 'RoleOwners' resp. 'RoleExternalGroups':
|
$MyRole = Get-EmdbRole "Helpdesk User" $MyRoleOwners = $MyRole.GetAssociations("RoleOwners") $MyRoleExternalGroups = $MyRole.GetAssociations("RoleExternalGroups") |
The associations stored in the lists $MyRoleOwners resp. $MyRoleExternalGroups enable us to retrieve the wanted information:
|
$MyRoleOwners | Foreach-Object { $_.GetTargetObject() } |
The example code returns all owners of the role 'Helpdesk User'. The same mechanism can be used for external groups:
|
$MyRoleExternalGroups | Foreach-Object { $_.GetTargetObject() } |
To give meaning to the information the context of the permission has to be retrieved. The associations 'RoleOwners' resp. 'RoleExternalGroups' holds this information also:
|
$MyRoleOwners | Foreach-Object { $_.GetGrantedObject() } $MyRoleExternalGroups | Foreach-Object { $_.GetGrantedObject() } |