Query for a User's Roles

Some folks have asked about doing a query of  a given user's roles. While this is not yet in the UI it is pretty easy to do via script. Here's a sample, if you're integrating AzMan interfaces into your custom UI this logic could be used to implement a user role query across a store.

' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
' ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
' THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
' PARTICULAR PURPOSE.
'
' Copyright (c) Microsoft Corporation. All rights reserved
'
'
' Script to query and dump a users roles in a specified AzMan
' store across all applications in the store
'

Option Explicit
Dim objArgs
Set objArgs = WScript.Arguments
If objArgs.count <> 2 then
wscript.echo "Usage: GetRoles <AzManStoreURL> <UserName>"
wscript.echo "Example: SetBizRule msxml://c:\AzStore.xml nwtraders\JohnDoe"
wscript.echo "Run in'cscript' command in cmd.exe to avoid msg boxes"
Else
Dim AzManStoreURL : AzManStoreURL = objArgs(0)
Dim UserName: UserName = objArgs(1)
End If

'
'--- Initilaize the Authorization Manager store object
'
Dim pAzManStore
Set pAzManStore = CreateObject("AzRoles.AzAuthorizationStore")
pAzManStore.Initialize 0, AzManStoreURL
pAzManStore.Submit

'
'--- Dump a users roles
'
Dim Apps,App
Dim ClientContext
Dim ClientScopes,Scope
Dim CurrentScopesPage
Dim ClientRoles, Role
Dim MoreScopes

'
'--- For each app create a clientcontext and enumerate roles in scopes
'
Set apps = pAzManStore.Applications

wscript.echo ("Roles for " & UserName)
for each app in apps

   Set ClientContext = app.InitializeClientContextFromName(UserName)
wscript.echo (vbnewline & "Application: " & app.name)

Set CurrentScopesPage = nothing
Set ClientScopes = nothing
MoreScopes = True

   do while MoreScopes = True
ClientScopes = ClientContext.GetAssignedScopesPage(0,9,CurrentScopesPage)

      for each scope in ClientScopes
If scope = "" then
wscript.echo (" Applicaiton Level Roles:")
Else
wscript.echo (" Scope '" & scope & "' Roles:")
End if

         ClientRoles = ClientContext.GetRoles (scope)
for each role in ClientRoles
wscript.echo (" " & role)
next
next

      if UBound(ClientScopes) = -1 then
MoreScopes = FALSE
End If
loop
next

Comments

  • Anonymous
    December 05, 2006
    It is very useful to get a list of Roles a client has for a given scope/application. However, it would be just as useful to get a list of scopes a user has been assigned a role to and a list of applications a user has been assigned to through clientcontext.  Is this possible?  Maybe in the future?  I know one could write some nested loops to achieve this, but it would be nice to see this in the API and I'm not sure looping is a good idea if there are thousands of scopes.
  • Anonymous
    December 11, 2006
    For some reason I'm not getting notifications when you guys post. I'll look into that...To answer your question, yes you can get a list of scopes. Call the GetAssignedScopesPage method. In fact the above code uses this method.Getting the assigned applicaitons requries an addtioanl step which is to iterate on each app and call GetAssignedScopesPage and if it returns anything then that app has assignments for the user. The for loop in the above code demos this (just comment out the stuff about getting roles.)-HTHDave
  • Anonymous
    April 01, 2008
    PingBack from http://copyrightrenewalsblog.info/authorization-manager-team-blog-query-for-a-users-roles/
  • Anonymous
    June 08, 2009
    PingBack from http://quickdietsite.info/story.php?id=6246