How can I check Application permissions in Agile API

Comments

4 comments

  • Avatar
    Sanjay

    Eliahut,

    You can call the api "/Extension/GetReleasedMyApps/false" which will give you the list of apps for which the current user (the user calling the api) has initiate permissions.
    That way you don't have to check the permissions at your end, AgilePoint will check it and give you the result.

    Thanks.

    1
    Comment actions Permalink
  • Avatar
    Loren Bratzler

    I have a similar question about app permissions.  Is there any place in the AgilePoint database where I can see what users and groups are assigned initiate permissions to an app?

    I often get asked to provide a list of all users who have access to initiate an application.  When I get this type of request, I have been going to the Permissions screen in the App Builder to get a list of Groups and Users who have Initiate permissions.  Then I go to the AgilePoint database and query the Group Members table to get a list of persons assigned to the groups.  Once I have this information, I can put together a list of all the users who can initiate the app.

    Doing this is tedious and time-consuming.  I would like to develop a report or a query where I can pass it the application name and the report or query returns back a list of all the users who can initiate the app.  The problem is, I have not been able to find a table in the APDB database that has the list of users and groups with Initiate permissions for an app.

    0
    Comment actions Permalink
  • Avatar
    Sanjay

    This involves multiple tables.

    1. Get the BASE_DEF_ID of the process model in interest (Note that, process initiator permission is set at individual process model level)

    SELECT [BASE_DEF_ID] FROM [AP_Workflow_DB].[dbo].[WF_PROC_DEFS] where DEF_NAME="MyProcessModel'

    1. Get the SecurityGroupID

    SELECT  [ID] FROM [AP_Workflow_DB].[dbo].[WF_SECURITY_GROUPS] where OWNER_ID=<BASE_DEF_ID from #1> and NAME='ProcessInitiators'

    1. Get the security group members

    SELECT * from [AP_Workflow_DB].[dbo].[WF_SECURITY_GROUP_MEMBERS]
    where SECURITY_GROUP_ID='<Security group id from #2>'

    1. The records returned by #3
    • If ASSIGNEE_TYPE = Group, and ASSIGNEE = *, then all users in the system has the permission.
    • If ASSIGNEE_TYPE = Group, and ASSIGNEE = <groupName>, then get the group members
    •         SELECT [MEMBER] FROM [AP_Workflow_DB].[dbo].[WF_GROUP_MEMBERS] where NAME = <groupname>
    • Id ASSIGNEE_TYPE = User then ASSIGNEE will have the individual username. 

    You may build the complex query out of this. Hope this helps.

    1
    Comment actions Permalink
  • Avatar
    Loren Bratzler

    Sanjay - Thank you very much!!  This is awesome.  Below is the query I developed.  You simply plug in your process model name into the @DEF_NAME scalar variable and the query will return back a list of all users who can initiate the process.  It returns both the User Name and Full Name of the persons.

    I did add a condition when querying WF_PROC_DEFS to only include STATUS = 'Released' in order to get only the latest active version of the process.

    I did not put logic in this query to handle the "All Users" scenario (ASSIGNEE_TYPE = Group and ASSIGNEE = *).  We don't have any apps that we have opened up to All Users.  And even if we did, I would not need to use this query since everyone would have access to the app.

     

    declare @DEF_NAME nvarchar(256);
    set @DEF_NAME = 'Process Model Name';

    select gm.MEMBER as USER_NAME, ru.FULL_NAME as FULL_NAME
    from WF_GROUP_MEMBERS gm
    join WF_REG_USERS ru on gm.MEMBER = ru.USER_NAME_UPCASE
    where gm.NAME in
    (
    select ASSIGNEE
    from WF_SECURITY_GROUP_MEMBERS
    where ASSIGNEE_TYPE = 'Group'
    and SECURITY_GROUP_ID =
       (
       select ID
       from WF_SECURITY_GROUPS
       where NAME = 'ProcessInitiators'
       and OWNER_ID =
          (
          select BASE_DEF_ID
          from WF_PROC_DEFS
          where DEF_NAME = @DEF_NAME
          and STATUS = 'Released'
          )
       )
    )
    UNION
    select USER_NAME_UPCASE as USER_NAME, FULL_NAME as FULL_NAME
    from WF_REG_USERS
    where USER_NAME_UPCASE in
    (
    select ASSIGNEE
    from WF_SECURITY_GROUP_MEMBERS
    where ASSIGNEE_TYPE = 'User'
    and SECURITY_GROUP_ID =
       (
       select ID
       from WF_SECURITY_GROUPS
       where NAME = 'ProcessInitiators'
       and OWNER_ID =
          (
          select BASE_DEF_ID
          from WF_PROC_DEFS
          where DEF_NAME = @DEF_NAME
          and STATUS = 'Released'
          )
       )
    )

     

    0
    Comment actions Permalink

Please sign in to leave a comment.