Delete an AccessRec

Hi Community

I have a Script, that copies Views from one Module to another Module.
It works fine, but if i have to create a new View (editing works), it automatically sets the Databasemanager-group("DBM"), my user("XYZ"(member of "DBM")) and "Everyone else" with Access rights to the new view.
How can I delete "XYZ" from this List or is there a way to prevent that the user is set.
I get the AccessRec of this user, but i haven't found a way to delete it.

string result
View createdView = ...
AccessRec ar = get(createdView, "XYZ", result)

Hopefully you can help me with my Problem, so that i needn't to manually fix it.

Thanks in advance
Maiko@Doors - Wed Sep 12 06:08:25 EDT 2012

Re: Delete an AccessRec
MichaelGeorg - Wed Sep 12 06:28:32 EDT 2012

Hello Maiko,

you can use unset to remove access rights. (See section "unset, unsetDef, unsetVal, unsetAll" in page "controlling access".)

Regards,
Michael

Re: Delete an AccessRec
llandale - Wed Sep 12 11:34:26 EDT 2012

I think you need to change the view to not-inherit it's accesses; specifically this means make it's access "specific":
  • string ErrMess = specific(viu)
Contrasted to its sibling:
  • string ErrMess = inherited(viu)

Then you can adjust specific AccessRecords.

-Louie

Re: Delete an AccessRec
Mathias Mamsch - Wed Sep 12 12:22:59 EDT 2012

Copying Access Rights when you are not Administrator is tricky. You need to have control access by any means in the first place, either through a group your user or everyone rights. Then what you need to do is:
 

  • explicitly add your user with RMCDA rights, so you will retain access throughout the whole operation
  • remove the other users, so you start with a clean slate


I like to use a code like this for it:

 

 

set (item, control | delete, "") // give everyone control permissions
unsetAll (item) 
set (item, control | delete, "myUser")



You will end up with an access record, that has you with RMCDA, everyone with RMCDA. Then you copy over all access records, except your own:



 

 

 

 

AccessRec ar
Permission myPermission = none
bool bRemoveMe = true
 
// loop over the access records of the source item 
for ar in sourceItem do {
   string sUser = username ar 
   Permission perm = getPermission ar  // this function needs to be made
   // if this is an access record for our user, store it 
   if (sUser == sMyUserName) {
      ourPermission = perm
      bRemoveUs = false
   } else {
      // else copy it 
      set (targetItem, perm, sUser)
   }
}



Then last but not least, you set your own access rights, possibly revoking your control access:



 

 

 

// now either remove or set our permissions
if (bRemoveUs) {
   unset (targetItem, sMyUserName) 
} else {
   set (targetItem, myPermission , sMyUserName) 
}



This is the only safe way I know to copy/set access rights. The getPermission function is simple:



 

 

Permission getPermission (AccessRec ar) {
  Permission result = none
  if (read ar) result   = result  | read() 
  if (modify ar) result = result  | modify()
  if (create ar) result  = result | create()
  if (delete ar) result = result  | delete()
  if (control ar) result = result | control()
  return result
}


Regards, Mathias

 

 


Mathias Mamsch, IT-QBase GmbH, Consultant for Requirement Engineering and D00RS

 

Re: Delete an AccessRec
llandale - Wed Sep 12 14:05:18 EDT 2012

Mathias Mamsch - Wed Sep 12 12:22:59 EDT 2012

Copying Access Rights when you are not Administrator is tricky. You need to have control access by any means in the first place, either through a group your user or everyone rights. Then what you need to do is:
 

  • explicitly add your user with RMCDA rights, so you will retain access throughout the whole operation
  • remove the other users, so you start with a clean slate


I like to use a code like this for it:

 

 

set (item, control | delete, "") // give everyone control permissions
unsetAll (item) 
set (item, control | delete, "myUser")



You will end up with an access record, that has you with RMCDA, everyone with RMCDA. Then you copy over all access records, except your own:



 

 

 

 

AccessRec ar
Permission myPermission = none
bool bRemoveMe = true
 
// loop over the access records of the source item 
for ar in sourceItem do {
   string sUser = username ar 
   Permission perm = getPermission ar  // this function needs to be made
   // if this is an access record for our user, store it 
   if (sUser == sMyUserName) {
      ourPermission = perm
      bRemoveUs = false
   } else {
      // else copy it 
      set (targetItem, perm, sUser)
   }
}



Then last but not least, you set your own access rights, possibly revoking your control access:



 

 

 

// now either remove or set our permissions
if (bRemoveUs) {
   unset (targetItem, sMyUserName) 
} else {
   set (targetItem, myPermission , sMyUserName) 
}



This is the only safe way I know to copy/set access rights. The getPermission function is simple:



 

 

Permission getPermission (AccessRec ar) {
  Permission result = none
  if (read ar) result   = result  | read() 
  if (modify ar) result = result  | modify()
  if (create ar) result  = result | create()
  if (delete ar) result = result  | delete()
  if (control ar) result = result | control()
  return result
}


Regards, Mathias

 

 


Mathias Mamsch, IT-QBase GmbH, Consultant for Requirement Engineering and D00RS

 

Mathias implied something that I will emphasize: the above code is for "when you are not the administrator".

You cannot set your own access when you ARE the administrator and you don't need to; when you are then just erase the existing ones and copy over the other ones.

-Louie

Re: Delete an AccessRec
Mathias Mamsch - Wed Sep 12 17:22:15 EDT 2012

llandale - Wed Sep 12 14:05:18 EDT 2012
Mathias implied something that I will emphasize: the above code is for "when you are not the administrator".

You cannot set your own access when you ARE the administrator and you don't need to; when you are then just erase the existing ones and copy over the other ones.

-Louie

Louie, you are right, one should check the username for Administrator in this line:
 

if (sUserName != "Administrator") set (item, control | delete, sUserName)

 


Then the above code will work for both cases. The funny thing is, that technically you CAN set access records for Administrator. Luckily they are ignored by DOORS.

 

 

 

set (current Module, read, "Administrator")



So the above code would have added RMCDA Access Records for Administrator, which would not disturb, but are useless.

Regards, Mathias



 

 

 


Mathias Mamsch, IT-QBase GmbH, Consultant for Requirement Engineering and D00RS

 

Re: Delete an AccessRec
llandale - Thu Sep 13 15:50:32 EDT 2012

Mathias Mamsch - Wed Sep 12 17:22:15 EDT 2012

Louie, you are right, one should check the username for Administrator in this line:
 

if (sUserName != "Administrator") set (item, control | delete, sUserName)

 


Then the above code will work for both cases. The funny thing is, that technically you CAN set access records for Administrator. Luckily they are ignored by DOORS.

 

 

 

set (current Module, read, "Administrator")



So the above code would have added RMCDA Access Records for Administrator, which would not disturb, but are useless.

Regards, Mathias



 

 

 


Mathias Mamsch, IT-QBase GmbH, Consultant for Requirement Engineering and D00RS

 

However that access record provides errors when the next (non-Administrator) user opens the modules; since that user does not indeed have access to that Account.
  • -R-E- DXL: <standard/access/accessTab.inc:1885> An unexpected error has occurred: No access to the administrator account
  • Backtrace:
  • <standard/itemProperties/properties.dxl:204>
  • <standard/itemProperties/properties.dxl:856>
  • <standard/itemProperties/properties.dxl:881>

So I guess I should have said "must not" instead of "cannot".

-Louie

There was bug like this vis-a-vis Adminstrator created views; v8.1 I think.

Re: Delete an AccessRec
Maiko@Doors - Fri Sep 14 04:17:22 EDT 2012

Thank you for your effort.

My idea was to completely delete an Access Entry of my User "XYZ" (not setting Read Access). Deleting is possible, because the user is a member of "DBM" and "DBM" has full Access.
Setting Read Access to "XYZ" doesn't work, because i would remove my own rights.
The function i wanted to use is implemented in DOORS over: View->Manage Views->Select View->Access->Delete.
Overall it seems, that this function is not implemented or published in DOORS Dxl Script.
So it looks that i have to manually fix it.

Maiko

Re: Delete an AccessRec
Peter_Albert - Fri Sep 14 04:36:16 EDT 2012

Maiko@Doors - Fri Sep 14 04:17:22 EDT 2012
Thank you for your effort.

My idea was to completely delete an Access Entry of my User "XYZ" (not setting Read Access). Deleting is possible, because the user is a member of "DBM" and "DBM" has full Access.
Setting Read Access to "XYZ" doesn't work, because i would remove my own rights.
The function i wanted to use is implemented in DOORS over: View->Manage Views->Select View->Access->Delete.
Overall it seems, that this function is not implemented or published in DOORS Dxl Script.
So it looks that i have to manually fix it.

Maiko

May I ask why the solution proposed above by MichaelGeorg does not work in your case?

string s
View v = view("your new view")
AccessRec ar = get(v,"XYZ",s)
unset(v,"XYZ")

 


As I read you initial post, you don't want to copy access rights, you just want to remove one specific access right ("XYZ"), and you have still control access through your membership in group "DBM", don't you?

Cheers,

Peter

 

Re: Delete an AccessRec
Maiko@Doors - Fri Sep 14 06:31:41 EDT 2012

I thank you all

unset works.
My mistake was, that my current Module wasn't the Module, where i created the view.
So I changed the current Module and it works.

Maiko