Query for a User’s Roles


Some folks have asked about querying a given user’s roles. While this is not yet in the UI, it is pretty easy to do via script. Here’s a sample. If you’re integrating AzMan interfaces into your custom UI, this logic could be used to implement a user role query across a store.


' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
' ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
' THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
' PARTICULAR PURPOSE.

'  Copyright (c) Microsoft Corporation. All rights reserved

' Script to query and dump a user's roles in a specified AzMan
' store across all applications in the store

Option Explicit
Dim objArgs
Set objArgs = WScript.Arguments
If objArgs.Count <> 2 Then
  WScript.Echo "Usage: GetRoles <AzManStoreURL> <UserName>"
  WScript.Echo "Example: GetRoles msxml://c:\AzStore.xml nwtraders\JohnDoe"
  WScript.Echo "Run with the 'cscript' command in cmd.exe to avoid msg boxes"
  ' Stop here: without both arguments there is nothing to query
  WScript.Quit 1
Else
  Dim AzManStoreURL : AzManStoreURL = objArgs(0)
  Dim UserName : UserName = objArgs(1)
End If

'--- Initialize the Authorization Manager store object

Dim pAzManStore
Set pAzManStore = CreateObject("AzRoles.AzAuthorizationStore")
' Flags = 0: open the existing store at the given URL
pAzManStore.Initialize 0, AzManStoreURL
pAzManStore.Submit

'--- Dump a user's roles

Dim Apps, App
Dim ClientContext
Dim ClientScopes, Scope
Dim CurrentScopesPage
Dim ClientRoles, Role
Dim MoreScopes

'--- For each app create a client context and enumerate roles in scopes

Set Apps = pAzManStore.Applications

WScript.Echo ("Roles for " & UserName)
For Each App In Apps

   Set ClientContext = App.InitializeClientContextFromName(UserName)
   WScript.Echo (vbNewLine & "Application: " & App.Name)

   ' Reset the paging state for this application
   Set CurrentScopesPage = Nothing
   Set ClientScopes = Nothing
   MoreScopes = True

   Do While MoreScopes = True
      ' Fetch the next page of scopes (page size 9); CurrentScopesPage is the paging cursor
      ClientScopes = ClientContext.GetAssignedScopesPage(0, 9, CurrentScopesPage)

      For Each Scope In ClientScopes
         ' An empty scope name means the assignment is at application level
         If Scope = "" Then
            WScript.Echo ("  Application Level Roles:")
         Else
            WScript.Echo ("    Scope '" & Scope & "' Roles:")
         End If

         ClientRoles = ClientContext.GetRoles(Scope)
         For Each Role In ClientRoles
            WScript.Echo ("      " & Role)
         Next
      Next

      ' An empty page means there are no more scopes for this application
      If UBound(ClientScopes) = -1 Then
         MoreScopes = False
      End If
   Loop
Next


Comments (4)

  1. Discofunk says:

    It is very useful to get a list of Roles a client has for a given scope/application. However, it would be just as useful to get a list of scopes a user has been assigned a role to and a list of applications a user has been assigned to through clientcontext.  Is this possible?  Maybe in the future?  I know one could write some nested loops to achieve this, but it would be nice to see this in the API and I’m not sure looping is a good idea if there are thousands of scopes.

  2. davemm says:

    For some reason I’m not getting notifications when you guys post. I’ll look into that…

    To answer your question, yes you can get a list of scopes. Call the GetAssignedScopesPage method. In fact the above code uses this method.

    Getting the assigned applications requires an additional step which is to iterate on each app and call GetAssignedScopesPage and if it returns anything then that app has assignments for the user. The for loop in the above code demos this (just comment out the stuff about getting roles.)

    -HTH

    Dave
