Hi,
Use the job below to get a list of the duties and privileges under one or more roles.
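/// <summary>
/// Exports a role / duty / privilege / entry point / access level matrix to a CSV file.
/// </summary>
/// <param name="_args">Standard job arguments; not used.</param>
/// <remarks>
/// Two passes are made over the security tables:
///   1. privileges that reach a role through a duty;
///   2. privileges granted to a role directly, for which the duty columns stay empty.
/// Only grants recorded directly against a role are reported; roles nested inside
/// other roles are not expanded by either query.
/// The resulting file describes who can reach which entry point, so write it to a
/// location with restricted access and remove it once the review is finished.
/// </remarks>
static void getAllDutiesAndPrivilidgesUnderRole(Args _args)
{
    #File

    // Placeholder path: replace [UserId] with a real profile folder before running.
    str                     fileName = @"C:\Users\[UserId]\Desktop\allDutiesAndPrivilidgesUnderRole.csv";
    CommaTextIo             commaTextIo;
    FileIOPermission        permission;
    SecurityTaskEntryPoint  taskEntryPoint;
    SecurityRole            role;
    SecurityRoleTaskGrant   taskGrant;
    SecuritySubTask         subTask;
    SecurityTask            duty;
    SecurityTask            privilege;
    SecurableObject         securableObject;
    DictEnum                dictEnum;
    str                     accessLevel;
    str                     menuItemType;
    FromTime                startTime = timeNow();

    // Maps the permission stored on an entry point to the label used in the report.
    // Anything not listed (for example NoAccess) is reported as an empty cell.
    str accessLevelName(AccessRight _right)
    {
        switch (_right)
        {
            case AccessRight::View:
                return "Read";
            case AccessRight::Edit:
                return "Update";
            case AccessRight::Add:
                return "Create";
            case AccessRight::Correction:
                // Previously fell through to "", hiding these grants in the report.
                return "Correct";
            case AccessRight::Delete:
                return "Delete";
        }
        return "";
    }
    ;

    permission = new FileIOPermission(fileName, #io_write);
    permission.assert();

    commaTextIo = new CommaTextIo(fileName, #io_write);

    // Stop early instead of failing on the first write when the path is not writable.
    if (!commaTextIo || commaTextIo.status() != IO_Status::Ok)
    {
        throw error(strFmt("Cannot open %1 for writing", fileName));
    }

    // Loop-invariant, so it is created once rather than once per row.
    // NOTE(review): securableObject.Type is a SecurableType value but is translated
    // through the MenuItemType enum - confirm the two enums line up for menu items.
    dictEnum = new DictEnum(enumNum(MenuItemType));

    //Header
    commaTextIo.write(
        "Role AOT name",
        "Description",
        "Duty AOT name",
        "Description",
        "Privilidge AOT name",
        "Description",
        "Entry point",
        "Type",
        "Access level");

    // Pass 1: role -> duty -> privilege -> entry point.
    while select taskEntryPoint
        join subTask
            where subTask.SecuritySubTask == taskEntryPoint.SecurityTask
        join taskGrant
            where taskGrant.SecurityTask == subTask.SecurityTask
        join role
            where role.RecId == taskGrant.SecurityRole
            //&& role.AotName like 'Sales*'
            //|| role.AotName like 'System*'
    {
        accessLevel = accessLevelName(taskEntryPoint.PermissionGroup);

        select firstonly duty
            where duty.RecId == taskGrant.SecurityTask
               && duty.Type  == SecurityTaskType::Duty;

        select firstonly privilege
            where privilege.RecId == subTask.SecuritySubTask
               && privilege.Type  == SecurityTaskType::Privilege;

        select firstonly RecId, Type, Name from securableObject
            where securableObject.RecId == taskEntryPoint.EntryPoint
               && (securableObject.Type == SecurableType::MenuItemDisplay
                || securableObject.Type == SecurableType::MenuItemAction
                || securableObject.Type == SecurableType::MenuItemOutput);

        menuItemType = dictEnum.index2Name(securableObject.Type);

        // As before, a row is written even when the entry point is not a menu item;
        // the entry point name is then empty.
        commaTextIo.write(
            role.AotName,
            role.Name,
            duty.AotName,
            duty.Name,
            privilege.AotName,
            privilege.Name,
            securableObject.Name,
            menuItemType,
            accessLevel);
    }

    //sometimes a role has a privilege directly assigned instead of a duty.
    //So this code is for those privileges. In this case duty will not exist.
    //
    // Pass 2. The role is now joined explicitly: the earlier condition compared
    // taskGrant.SecurityRole with itself, so every row here was written with whatever
    // role and access level the first loop happened to finish on.
    // If a role filter is enabled in pass 1, apply the same filter to this query.
    while select SecurityTask, SecurityRole from taskGrant
        join RecId, AotName, Name from role
            where role.RecId == taskGrant.SecurityRole
        join RecId, Type, AotName, Name from privilege
            where privilege.RecId == taskGrant.SecurityTask
               && privilege.Type  == SecurityTaskType::Privilege
        join SecurityTask, EntryPoint, PermissionGroup from taskEntryPoint
            where taskEntryPoint.SecurityTask == privilege.RecId
    {
        select firstonly RecId, Type, Name from securableObject
            where securableObject.RecId == taskEntryPoint.EntryPoint
               && (securableObject.Type == SecurableType::MenuItemDisplay
                || securableObject.Type == SecurableType::MenuItemAction
                || securableObject.Type == SecurableType::MenuItemOutput);

        // Only menu item entry points are reported for direct grants.
        if (securableObject)
        {
            accessLevel  = accessLevelName(taskEntryPoint.PermissionGroup);
            menuItemType = dictEnum.index2Name(securableObject.Type);

            commaTextIo.write(
                role.AotName,
                role.Name,
                "",                 // no duty for a directly granted privilege
                "",
                privilege.AotName,
                privilege.Name,
                securableObject.Name,
                menuItemType,
                accessLevel);
        }
    }

    // Drop the reference so the file handle is released before the assert is reverted.
    commaTextIo = null;

    CodeAccessPermission::revertAssert();

    info(strFmt("Total time: %1", timeConsumed(startTime, timeNow())));
}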