Need to get the list of all USERS and GROUPS having read access to an IDataObject in Agile PLM.
Problem Statement : Need to get the list of all USERS and GROUPS having read access to an IDataObject in Agile PLM.
Current Approach : To get the required details :
- we are first retrieving the list of all ACTIVE USERS from Agile PLM.
- For each IUser in User list we are executing hasPrivilege() for DISCOVER and READ privileges.
- If both the privileges are found then we add such user in Allowed Users list.
|
SortedSet<String> allowedUsers = new TreeSet<String>(); List<IUser> users = getUsers(); for (IUser user : users) { boolean hasReadPriv = user.hasPrivilege(UserConstants.PRIV_READ, object); boolean hasDiscoverPriv = user.hasPrivilege(UserConstants.PRIV_DISCOVER, object);
if (hasReadPriv && hasDiscoverPriv) { allowedUsers.add(user.getName()); } } |
Pitfalls of Current Approach :
Indeed our approach solves the problem, however on BIG DATABASES (where large number of Users are present in the system), the solution is performant. It takes significant amount of time to iterate over the users and then calling IUser.hasPrivilege() twice.
It would be really helpful, if someone can point us to any other alternative API to solve the problem. We are also open to directly execute Database queries to get such information.
Thank you for your quick and valuable replies.
Usually most internal users have discover & read priviliges to all itemschanges (IDataObject), and most likely through a single role. So i suggest to first exclude all these users (whom are assign to specific known role) from your current check, then check upon much smaller set of users, and finally combine the two lists (internal users who always got the priviliges and other users who pass the check).
In your API you can check only Discover privilege because if you don’t have discovery privilege user will not see the object at all and if user have discovery privilege then user will read all fields from read privileges .
Another approach is to use report give usernames per privilege by used “Role and Privilege Summary Report” from Administrator . In result of this report you get Role name and description, Privilege name and description and users name. This report I think it will be more easy for you to create your report you need.
