fwAccessControl  8.4.3
Privilege-checking functions

Permission-related functions

see also the module Permission manipulation functions

bool fwAccessControl_HasUserAdminPrivilege (dyn_string &exceptionInfo, string user="", bool exceptionOnNotGranted=TRUE)
 
bool fwAccessControl_HasGroupAdminPrivilege (dyn_string &exceptionInfo, string user="", bool exceptionOnNotGranted=TRUE)
 
bool fwAccessControl_HasDomainAdminPrivilege (dyn_string &exceptionInfo, string user="", bool exceptionOnNotGranted=TRUE)
 
bool fwAccessControl_HasSystemAdminPrivilege (dyn_string &exceptionInfo, string user="", bool exceptionOnNotGranted=TRUE)
 
void fwAccessControl_getGroupPrivileges (string groupName, dyn_string domainNames, dyn_string &privileges, dyn_string &exceptionInfo, bool recursively=FALSE)
 
void fwAccessControl_updateGroupPrivileges (string groupName, dyn_string newPrivileges, dyn_string &exceptionInfo)
 
void fwAccessControl_getUserPrivileges (string userName, dyn_string domainNames, dyn_string &privileges, dyn_string &exceptionInfo, bool strictRoleChecking=FALSE)
 
void fwAccessControl_checkUserPrivilege (string userName, string domainName, string privilegeName, bool &granted, dyn_string &exceptionInfo)
 
void fwAccessControl_isGranted (string domain_privilege, bool &granted, dyn_string &exceptionInfo)
 
void fwAccessControl_getGroupsHavingPrivilege (string domainName, string privName, dyn_string &groups, dyn_string &exceptionInfo)
 
void fwAccessControl_getUsersHavingPrivilege (string domainName, string privName, dyn_string &users, dyn_string &exceptionInfo)
 
void fwAccessControl_getPrivilegeNames (string domainName, dyn_string &privilegeNames, dyn_int &privilegeIds, dyn_string &exceptionInfo)
 
dyn_string fwAccessControl_getAllAccessRightNames (dyn_string &exceptionInfo)
 
void fwAccessControl_checkUserPrivilege_AuthFunc (string userName, string domainName, string privilegeName, bool &granted, dyn_string &exceptionInfo)
 
private bool fwAccessControl_verifyUIManAndWSAuth (string userName, string domainName, string privilegeName, dyn_string &exceptionInfo)
 
private void fwAccessControl_checkUserPrivilege_AuthFunc_Builtin (string userName, string domainName, string privilegeName, bool &granted, dyn_string &exceptionInfo)
 
void fwAccessControl_checkUserPrivilege_AuthFastFunc (string userName, string domainName, string privilegeName, bool &granted, dyn_string &exceptionInfo)
 
void fwAccessControl_setPrivilegeNames (string domainName, dyn_string privilegeNames, dyn_string &exceptionInfo)
 

Detailed Description

Function Documentation

bool fwAccessControl_HasUserAdminPrivilege ( dyn_string &  exceptionInfo,
string  user = "",
bool  exceptionOnNotGranted = TRUE 
)
check if user has User Administration privilege
Parameters
exceptionInfostandard error-handling variable
user(optional) the name of the user for which privilege is checked; by default (empty string) - current user.
exceptionOnNotGrantedif true, also raises exception when the user has no privilege
Returns
TRUE if the requested user has User Administration privilege
bool fwAccessControl_HasGroupAdminPrivilege ( dyn_string &  exceptionInfo,
string  user = "",
bool  exceptionOnNotGranted = TRUE 
)
check if user has Group Administration privilege
Parameters
exceptionInfostandard error-handling variable
user(optional) the name of the user for which privilege is checked; by default (empty string) - current user.
exceptionOnNotGrantedif true, also raises exception when the user has no privilege
Returns
TRUE if the requested user has Group Administration privilege
bool fwAccessControl_HasDomainAdminPrivilege ( dyn_string &  exceptionInfo,
string  user = "",
bool  exceptionOnNotGranted = TRUE 
)
check if user has Domain Administration privilege
Parameters
exceptionInfostandard error-handling variable
user(optional) the name of the user for which privilege is checked; by default (empty string) - current user.
exceptionOnNotGrantedif true, also raises exception when the user has no privilege
Returns
TRUE if the requested user has Domain Administration privilege
bool fwAccessControl_HasSystemAdminPrivilege ( dyn_string &  exceptionInfo,
string  user = "",
bool  exceptionOnNotGranted = TRUE 
)
check if user has System Administration (root) privilege
Parameters
exceptionInfostandard error-handling variable
user(optional) the name of the user for which privilege is checked; by default (empty string) - current user.
exceptionOnNotGrantedif true, also raises exception when the user has no privilege
Returns
TRUE if the requested user has System Administration privilege
void fwAccessControl_getGroupPrivileges ( string  groupName,
dyn_string  domainNames,
dyn_string &  privileges,
dyn_string &  exceptionInfo,
bool  recursively = FALSE 
)
get the list of privileges granted to a group
Parameters
groupNamespecifies the group name
domainNamesif empty, all domains are searched, including system domain
privilegeson return contains the list of privileges
exceptionInfostandard error-handling variable
recursively(optional, default FALSE); determines if group hierarchy should be traversed recursively to extract all privileges
void fwAccessControl_updateGroupPrivileges ( string  groupName,
dyn_string  newPrivileges,
dyn_string &  exceptionInfo 
)
sets (updates) the privileges of a group
Parameters
groupNamespecifies the group name
newPrivilegescontains the list of new privileges, encoded as "domain:privilege" strings
exceptionInfostandard error-handling variable
void fwAccessControl_getUserPrivileges ( string  userName,
dyn_string  domainNames,
dyn_string &  privileges,
dyn_string &  exceptionInfo,
bool  strictRoleChecking = FALSE 
)

get privileges of specified user for a domain

This function returns the list of privileges for a specified user in a specified domain (or a list of domains)

void fwAccessControl_checkUserPrivilege ( string  userName,
string  domainName,
string  privilegeName,
bool &  granted,
dyn_string &  exceptionInfo 
)
check if specific user has permission in a domain
Parameters
userNameuser name for which privileges are checked; empty string: get current user
domainNamedomain name in which privilege is checked
privilegeNameprivilege name queried
grantedon return will contain TRUE if user has the privilege, FALSE otherwise
exceptionInfostandard error-handling variable
Note
There is a peculiar behaviour in PVSS access control functions for domains, i.e. when calling getUserPermissionForArea, the access is granted ONLY if user has specified access-bit set for area AND the same bit set also in system domain! That means we need to have (at least) bits 21-28 of system SET TO 1.
if userName is NULL (ie get current user), then the function will also take into account the current workstation/manager authorization masks, which allows to restrict certain privileges to certain workstations; this will however not work if a custom authorization function is specified.
void fwAccessControl_isGranted ( string  domain_privilege,
bool &  granted,
dyn_string &  exceptionInfo 
)
This function returns whether the current user has been granted a certain privilege.

Modification History: None
Constraints: None
Usage: JCOP framework internal
PVSS manager usage: VISION

Parameters
domain_privilegestring that contains the domain, the privilege is seeked in, concatenate via : with the name of the domain
grantedboolean that will contain the result of the query
exceptionInfodyn_string for JCOP Fw exception handling
See Also
fwAccessControl_checkUserPrivilege fwAccessControl_getUserPrivileges
void fwAccessControl_getGroupsHavingPrivilege ( string  domainName,
string  privName,
dyn_string &  groups,
dyn_string &  exceptionInfo 
)
get the list of groups that hold specific privilege

Note: the function also looks up through each groups' subgroups to resolve all privileges...

void fwAccessControl_getUsersHavingPrivilege ( string  domainName,
string  privName,
dyn_string &  users,
dyn_string &  exceptionInfo 
)

get the list of users that hold specific privilege

void fwAccessControl_getPrivilegeNames ( string  domainName,
dyn_string &  privilegeNames,
dyn_int &  privilegeIds,
dyn_string &  exceptionInfo 
)

get the names (and ids) of privileges in a specifc domain

dyn_string fwAccessControl_getAllAccessRightNames ( dyn_string &  exceptionInfo)

get the list of all valid access right names from all domains

void fwAccessControl_checkUserPrivilege_AuthFunc ( string  userName,
string  domainName,
string  privilegeName,
bool &  granted,
dyn_string &  exceptionInfo 
)

Default authorization-checking routine

void fwAccessControl_setPrivilegeNames ( string  domainName,
dyn_string  privilegeNames,
dyn_string &  exceptionInfo 
)

sets the list of privilege names for a domain