Help Creating an Oracle Report

[CherylAnderton]

I'm trying to pull a report of a group of users and the folder locations where they have access?

I have the members of groups:
select x.name as GroupName,u.lastname as MemberLastName,
u.firstname as MemberFirstName,U.MAILADDRESS,
u.id, u.name as UserAccount, u.officelocation
from kuaf u
inner join kuafchildren k on u.id = k.childid
inner join kuaf x on k.id = x.id
where k.id IN (select id from kuaf where name like 'departemntg')
order by x.name;

I'm stumped on the folder locations where they have access?

Any help is appreciated.

Cheryl

 

[appnair]

If you have access to KB ask the question there a lot of these kind of questions are answered there.This is a public forum and OT schema is protected by copyright so not appropriate in answering there.Loosely I will give you a vague answer with which you will probably be able to understand from my clues.

OT's Livelink has a Document Tree table in which all Objects are available.There is also a Document Tree Access Control List table in which there is an entry for access.It's access is divided into standard 4 columns like User,Group,Others and System.This is the default access list you see when you open the permissions gui.Then any group you add to it is the extended access list which you see below that is also in this table.The Right ID of the Group in your query with the correct permissions BitMask maintained there in gives the access to the user.The algorithm is like this,it takes the ID of the USER,it knows all the Groups the User is In,then it says for this groups does user have explicit permissions,hold that number in memory,go to the next user group hold that in memory,go to Public Access hold that in memory,go to System hold that in memory,go to next assigned access group hold that in memory until that list is expunged or finished with one caveat..The caveat is its just trying to find the highest bitmask on it so if UserA has See in User Permissions and Edit Permissions in his User Group ,then the highest has been achieved so the unnecessary checking on any countless groups is not done.Hence Permissions is a really thought over process in good mature organizations and they all have a keep it Simple principle.

However you will never be able to actually pinpoint how a user gets access to a Object through SQL because all you can do is to identify if a Group is on the object directly or not because LL allows indirect permissions.But if you have a written down hierarchy where you say permissions are granted by inheritance .This is why in Livelink engagement you create a document saying at this level of enterprise I place this Group called Administrators and give them upto edit permissions and it is trickled down to all objects underneath it so it looks like it is obeying that rule.However the Administrators group can be made by a flat structure of Groups,or a group of groups,or a group of group of groups..... you see what I am getting at so even the person who is never defined explicitly at the Administrators group is able to see the Object.So unless and until the organization has a good understanding or there is a best practice document the report is probably a worthless exercise...

Well, if I called the wrong number, why did you answer the phone?
James Thurber, New Yorker cartoon caption, June 5, 1937
Certified OT Developer,Livelink ECM Champion 2008,Livelink ECM Champion 2010

http://www.tek-tips.com/faqs.cfm?fid=2884

http://www.linkedin.com/in/appunair

http://www.livelink.in