Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Livelink - Group permissions

Status
Not open for further replies.
mikepycroft

mikepycroft

Programmer
Jan 3, 2002
11
GB
I am the system administrator for a new Livelink system which we are developing. We have separated our groups into object privileges ones (Creator-folders people who can add folders) and workspace privileges (Dept-IT people who can add content under the IT folder). As part of our audit process I need to report on the functionality each group has.

Using the Livelink schema, via sql, I have been able to derive who belongs to each group but I cannot decipher the permission's each group has. Can any one throw any pointers to compile a report which will say this group can do this.

Thanks
 
Sort by date Sort by votes
This is a standard misconception.In all file based and DMS's the Object (document,folder) etc has "permissions" applied to them by way of Groups,people,etc.These permissions are in a table called dtreeacl.So you have to query the object to know which group or user has access to it and extrapolate it for your use and not the other way around.

So if you do this

select * from dtreeacl where dataid=1234(some object in livelink that you know)

The rows that have -1 ,and -2 are for Public Access and System Access(you don't see it in the GUI) the rest are the Owner,Group and other ACL's groups,people etc.Remember when you have a group in kuaf its id is a number and that is called rightid in dtreeacl.Also nesting of groups is maintained by kuaf and kuafchildren

Typically if you have inheritance on a folder then almost very object underneath it will inherit the same group,groups so pretty much if you are a simple org you can almost find out what this group is capable of even though in esoteric terms you should do it form the object layer


Well, if I called the wrong number, why did you answer the phone?
James Thurber, New Yorker cartoon caption, June 5, 1937
 
Upvote 0 Downvote
Thanks. Understand this for folder information.

How do I track down what a privilege group can do. Ie: I have a group creator-folders. In the object privileges sys admin pages I assigned the right to create folders to this group. In tis instance the permission's are self explanatory however I need to be able to report these object privileges for audit purposes any thoughts on how to approach this issue?
 
Upvote 0 Downvote
Ha what kind of permissions is in the permissions bitmap.If it is oracle it is pretty easy you can type test bits and see what that means for eg
16777215 that is System Administrator.Check the KB for something recently on sql server bitmap checks.
Here's one that I use for decoding the KUAF side of things
Code: 
select a.name,a.id,a.userprivileges,a.type,a.deleted,
decode(bitand(a.userprivileges,15),15,'Login')"Login",
decode(bitand(a.userprivileges,2062),2062,'Public Access')"Public Access",
decode(bitand(a.userprivileges,46),46,'CCMU')"CCMU",
decode(bitand(a.userprivileges,78),78,'CCMG')"CCMG",
decode(bitand(a.userprivileges,30),30,'UA')"UA",
decode(bitand(a.userprivileges,270),270,'SA')"SA"
from kuaf a where a.type=0 and a.deleted=0 


No Privs 14
Login 15
Public Access 2062
CCMU 46
CCMG 78
UA 30
SA 270
Code: 
Maybe you can check f the other bits are on using this table
Note:
-----
You can generalize this query to other types of permissions by using the following bitmask code for DTreeACL.Permissions. For example, to find those
who have Delete permissions you use 8 instead of 16 in the query. See Contents
is a special case that will need AND's of three bit tests.

-------------------------------------------------------
Bits            Value  Permission
-------------------------------------------------------
                    0  None (N)
1                   2  See (S)
0, 12, 15       36865  See Contents (SC)
16              65536  Modify (M)
4                  16  Edit Permissions (EP)
17             131072  Edit Attributes (EA)
2                   4  Add Items (AI)
14              16384  Delete Versions (DV)
3                   8  Delete (D)
13               8192  Reserve (R)
-------------------------------------------------------
7                 128  Add this to all permission codes
0 – 23       16777215  Administer (A) is a special case
-------------------------------------------------------

I will see if I have a ready made one



Well, if I called the wrong number, why did you answer the phone?
James Thurber, New Yorker cartoon caption, June 5, 1937
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

P
  • Locked
  • Question
Downloading files from Livelink URL
Replies
3
Views
354
appnair
appnair
aix_tiger
  • Locked
  • Question
How to backup STRATA LIVELINK
Replies
1
Views
200
ggriffit
ggriffit
sherriffot
  • Locked
  • Question
Tabs error Smart View - Opentext livelink
Replies
0
Views
185
sherriffot
sherriffot
sherriffot
  • Locked
  • Question
Change the label of search terms - Opentext livelink
Replies
1
Views
146
ggriffit
ggriffit
sherriffot
  • Locked
  • Question
Viewing by BravaServer does not work on SmartView - Opentext livelink
Replies
3
Views
264
Ekta Singh
Ekta Singh

Part and Inventory Search

Sponsor

Back
Top