Title: SeeSec
Author: Joe Peters
Author notes:
Platform: Java
Version: 1.0
Disclaimer: I have not exhaustively tested the results of these scripts. It’s possible (likely) that there are assigned rights in the system that are not displayed.
XIr2 code:
import com.crystaldecisions.sdk.occa.infostore.*;
import com.crystaldecisions.sdk.framework.*;
import com.crystaldecisions.sdk.exception.SDKException;
import com.crystaldecisions.sdk.plugin.desktop.folder.*;
import java.util.*;
/* Classpath:
C:\Program Files\Business Objects\common\3.5\java\lib\ebus405.jar
C:\Program Files\Business Objects\common\3.5\java\lib\boconfig.jar
C:\Program Files\Business Objects\common\3.5\java\lib\cecore.jar
C:\Program Files\Business Objects\common\3.5\java\lib\celib.jar
C:\Program Files\Business Objects\common\3.5\java\lib\ceplugins.jar
C:\Program Files\Business Objects\common\3.5\java\lib\cesession.jar
C:\Program Files\Business Objects\common\3.5\java\lib\ceutils.jar
C:\Program Files\Business Objects\common\3.5\java\lib\corbaidl.jar
C:\Program Files\Business Objects\common\3.5\java\lib\rascore.jar
C:\Program Files\Business Objects\common\3.5\java\lib\Serialization.jar
*/
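/**
 * Command-line report of the rights assigned on repository objects (XI R2 SDK).
 *
 * <p>Logs on to the CMS named in {@link #strCMS} with Enterprise authentication
 * ("secEnterprise"), pages through the repository 1000 objects at a time, and prints one
 * tab-separated line per principal found on each object's security info.
 *
 * <p>The output maps principals to the objects they hold rights on, so treat the report
 * file as sensitive. NOTE(review): only what {@code getObjectPrincipals()} returns is
 * listed; the page's own disclaimer says some assigned rights may be missing, so do not
 * read an absent row as proof that a principal has no access.
 */
public class SeeSec
{
    // Set the following three variables with logon info for the CMS.
    // NOTE(review): the password is stored in source (and in the compiled class); avoid
    // leaving a real value here in any copy of the file that is shared or checked in.
    public static String strUser = "<user name>";
    public static String strCMS = "<cms name>";
    public static String strPwd = "<user password>";

    // Set this to true to display all advanced rights; false will just display a count of
    // assigned rights if the access level is "advanced"
    public static Boolean showAdvancedDetail = false;

    // Shared with getObjectPath(), which re-queries folders through it.
    public static IInfoStore infoStore;

    /**
     * Prints the report header, logs on, and walks the repository in batches.
     *
     * @param args unused
     * @throws SDKException if the logon or any repository query fails
     */
    public static void main(String[] args)
            throws SDKException
    {
        System.out.println("Connecting to: " + strCMS);

        // Print out header
        if (showAdvancedDetail)
            System.out.println("Principal\tObject ID\tObject Kind\tPath\tAccess Level\tGranted/Denied\tAdvanced Right");
        else
            System.out.println("Principal\tObject ID\tObject Kind\tPath\tAccess Level\tCount of Advanced Rights");

        // Log in to CMS and get infoStore
        ISessionMgr oSessionMgr = CrystalEnterprise.getSessionMgr();
        IEnterpriseSession oEnterpriseSession = oSessionMgr.logon(strUser, strPwd, strCMS, "secEnterprise");
        try
        {
            infoStore = (IInfoStore) oEnterpriseSession.getService("", "InfoStore");

            // Hold the last ID in each batch, so we know where to start the next one.
            Integer theID = Integer.valueOf(0);
            while (true)
            {
                IInfoObjects iObjects = infoStore.query("SELECT TOP 1000 si_path,si_id,si_kind,si_parentid FROM CI_infoobjects,ci_systemobjects,ci_appobjects where si_kind not in ('personalcategory','MetaData.DataDBField','MetaData.BusinessField','AuditEventInfo','BIWidgets','ClientAction','ClientActionSet','ClientActionUsage') and si_kind not like 'Encyclopedia%' and si_instance = 0 and si_id > " + theID + " order by si_id");

                // Run until there are no more objects.
                if (iObjects.size() == 0)
                    break;
                theID = printEm(infoStore, iObjects);
            }
        }
        finally
        {
            // Release the CMS session even when a query fails part-way through; the
            // original never logged off, leaving the session open on the server.
            oEnterpriseSession.logoff();
        }
    }

    /**
     * Prints the rights rows for one batch of objects.
     *
     * @param oInfoStore unused; kept for signature compatibility
     * @param iObjects   the batch returned by the paging query in {@link #main}
     * @return the ID of the last object in the batch (the caller resumes after it);
     *         99999999 if the batch is empty
     * @throws SDKException if security info or a path lookup fails
     */
    static Integer printEm(IInfoStore oInfoStore, IInfoObjects iObjects)
            throws SDKException
    {
        Integer maxID = Integer.valueOf(99999999);
        for (int i = 0; i < iObjects.size(); i++)
        {
            IInfoObject iObject = (IInfoObject) iObjects.get(i);
            maxID = Integer.valueOf(iObject.getID());

            // Get SecurityInfo for the object, and the principals that have assigned rights
            ISecurityInfo objectSecurityInfo = iObject.getSecurityInfo();
            IObjectPrincipals iEPs = objectSecurityInfo.getObjectPrincipals();

            // Loop through each principal
            for (Iterator<IObjectPrincipal> iopi = iEPs.iterator(); iopi.hasNext();)
            {
                IObjectPrincipal iEP = iopi.next();

                String kind = iObject.getKind();
                boolean personalKind = kind.equals("Inbox") || kind.equals("FavoritesFolder") || kind.equals("PersonalCategory");
                // equalsIgnoreCase avoids the locale-sensitive toLowerCase() comparison.
                if (personalKind && iEP.getName().equalsIgnoreCase(iObject.getTitle()))
                {
                    continue; // skip inbox & favorites folders for their owners.
                }

                ISecurityRights iERights = iEP.getRights();
                if (iERights.size() == 0 && iEP.isInherited())
                    continue; // nothing to see here (no rights assigned, inheriting folders & groups)

                // NOTE(review): the "Advanced" test below compares the description rendered
                // in the JVM default locale; on a non-English locale it may never match.
                String accessLevel = iEP.getRole().getDescription(Locale.getDefault());
                String outString = iEP.getName() + "\t" + iObject.getID() + "\t" + kind + "\t" + getObjectPath(iObject) + "\t"
                        + accessLevel + "\t";

                if (!"Advanced".equals(accessLevel))
                {
                    // Not advanced rights
                    System.out.println(outString);
                }
                else if (!showAdvancedDetail)
                {
                    // Advanced, just show count
                    System.out.println(outString + iERights.size());
                }
                else if (iERights.size() == 0)
                {
                    System.out.println(outString + "No rights assigned!");
                }
                else
                {
                    // Advanced with detail: one row per individual right.
                    for (Iterator<ISecurityRight> itRight = iERights.iterator(); itRight.hasNext();)
                    {
                        ISecurityRight isRight = itRight.next();
                        System.out.println(outString + (isRight.isGranted() ? "Granted\t" : "Denied\t") + isRight.getDescription(Locale.getDefault()));
                    }
                }
            }
        }
        return maxID;
    }

    /**
     * Builds the full path of an object by walking up its parents until a "Folder" is
     * reached, then prepending that folder's own path segments.
     *
     * <p>NOTE(review): the loop ends only when an ancestor of kind "Folder" is found;
     * what {@code getParent()} does for an object with no such ancestor is not visible
     * here and should be confirmed.
     *
     * @param inObject the object to describe
     * @return the path; if the folder's path cannot be read, a fallback of the form
     *         {@code <folder id>/partial path}
     * @throws SDKException if a parent lookup or the folder query fails
     */
    static String getObjectPath(IInfoObject inObject)
            throws SDKException
    {
        IInfoObject oIO = inObject;
        String path = "";
        while (true)
        {
            if ("Folder".equals(oIO.getKind()))
            {
                // Re-query the folder so that its "si_path" info is loaded.
                oIO = (IInfoObject) infoStore.query("select si_id,si_path from CI_infoobjects,ci_systemobjects,ci_appobjects where si_id = " + oIO.getID()).get(0);
                path = oIO.getTitle() + path;
                try
                {
                    if (oIO.getParentID() != 0)
                        for (String pathPart : ((IFolder) oIO).getPath())
                            path = pathPart + "/" + path;
                }
                catch (Exception e)
                {
                    // Best effort: keep the report going with the folder ID as a marker.
                    // path already starts with the folder title, so it is not appended
                    // again (the original repeated it at the end of the string).
                    return "<" + oIO.getID() + ">" + "/" + path;
                }
                return path;
            }

            // Not a folder: prepend this title so that ancestors end up to the left of
            // their children (the original appended, reversing the order whenever more
            // than one non-folder level was walked).
            path = "/" + oIO.getTitle() + path;
            oIO = oIO.getParent();
        }
    }
}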
XI3 code:
import com.crystaldecisions.sdk.occa.infostore.*;
import com.crystaldecisions.sdk.occa.security.CeSecurityOptions;
import com.crystaldecisions.sdk.framework.*;
import com.crystaldecisions.sdk.exception.SDKException;
import com.crystaldecisions.sdk.plugin.desktop.folder.*;
import java.util.*;
/* Classpath:
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\classes\cesession.jar
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\classes\cecore.jar
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\classes\celib.jar
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\classes\ceplugins_core.jar
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\classes\ebus405.jar
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\classes\corbaidl.jar
C:\Program Files\Business Objects\common\4.0\java\lib\logging.jar
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\classes\boconfig.jar
*/
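/**
 * Command-line report of the explicit rights and access levels assigned on repository
 * objects (XI 3 SDK).
 *
 * <p>Logs on to the CMS named in {@link #strCMS} with Enterprise authentication
 * ("secEnterprise"), pages through the repository 1000 objects at a time, and prints one
 * or more tab-separated lines per explicit principal found on each object.
 *
 * <p>The output maps principals to the objects they hold rights on, so treat the report
 * file as sensitive. NOTE(review): only what {@code getExplicitPrincipals()} returns is
 * listed; presumably rights that reach a principal purely through inheritance are not
 * expanded (the page's disclaimer also warns of missing rights), so do not read an absent
 * row as proof that a principal has no access.
 */
public class SeeSec
{
    // Set the following three variables with logon info for the CMS.
    // NOTE(review): the password is stored in source (and in the compiled class); avoid
    // leaving a real value here in any copy of the file that is shared or checked in.
    public static String strUser = "<user name>";
    public static String strCMS = "<cms name>";
    public static String strPwd = "<user password>";

    // Set this to true to display all advanced rights; false will just display a count of
    // assigned rights if the access level is "advanced"
    public static Boolean showAdvancedDetail = true;

    // Shared with getObjectPath(), which re-queries folders through it.
    public static IInfoStore infoStore;

    /**
     * Prints the report header, logs on, and walks the repository in batches.
     *
     * @param args unused
     * @throws SDKException if the logon or any repository query fails
     */
    public static void main(String[] args)
            throws SDKException
    {
        System.out.println("Connecting to: " + strCMS);

        // Print out header
        if (showAdvancedDetail)
            System.out.println("Principal\tObject ID\tObject Kind\tPath\tAccess Level(s)\tInheriting Folder\tInheriting Group\tAdvanced Right Access\tAdvanced Right Scope\tAdvanced Right Description");
        else
            System.out.println("Principal\tObject ID\tObject Kind\tPath\tAccess Level(s)\tInheriting Folder\tInheriting Group\tAdvanced Right Count");

        // Log in to CMS and get infoStore
        ISessionMgr oSessionMgr = CrystalEnterprise.getSessionMgr();
        IEnterpriseSession oEnterpriseSession = oSessionMgr.logon(strUser, strPwd, strCMS, "secEnterprise");
        try
        {
            infoStore = (IInfoStore) oEnterpriseSession.getService("", "InfoStore");

            // Hold the last ID in each batch, so we know where to start the next one.
            Integer theID = Integer.valueOf(0);
            while (true)
            {
                IInfoObjects iObjects = infoStore.query("SELECT TOP 1000 si_path,si_id,si_kind,si_parentid FROM CI_infoobjects,ci_systemobjects,ci_appobjects where si_kind not in ('personalcategory','MetaData.DataDBField','MetaData.BusinessField','AuditEventInfo','BIWidgets','ClientAction','ClientActionSet','ClientActionUsage') and si_kind not like 'Encyclopedia%' and si_instance = 0 and si_id > " + theID + " order by si_id");
                if (iObjects.size() == 0)
                    break;
                theID = printEm(infoStore, iObjects);
            }
        }
        finally
        {
            // Release the CMS session even when a query fails part-way through; the
            // original never logged off, leaving the session open on the server.
            oEnterpriseSession.logoff();
        }
    }

    /**
     * Prints the rights rows for one batch of objects.
     *
     * @param oInfoStore unused; kept for signature compatibility
     * @param iObjects   the batch returned by the paging query in {@link #main}
     * @return the ID of the last object in the batch (the caller resumes after it);
     *         99999999 if the batch is empty
     * @throws SDKException if security info or a path lookup fails
     */
    static Integer printEm(IInfoStore oInfoStore, IInfoObjects iObjects)
            throws SDKException
    {
        Integer maxID = Integer.valueOf(99999999);
        for (int i = 0; i < iObjects.size(); i++)
        {
            IInfoObject iObject = (IInfoObject) iObjects.get(i);
            maxID = Integer.valueOf(iObject.getID());

            ISecurityInfo2 objectSecurityInfo = iObject.getSecurityInfo2();
            IExplicitPrincipals iEPs = objectSecurityInfo.getExplicitPrincipals();
            for (Iterator<IExplicitPrincipal> iopi = iEPs.iterator(); iopi.hasNext();)
            {
                IExplicitPrincipal iEP = iopi.next();

                String kind = iObject.getKind();
                boolean personalKind = kind.equals("Inbox") || kind.equals("FavoritesFolder") || kind.equals("PersonalCategory");
                // equalsIgnoreCase avoids the locale-sensitive toLowerCase() comparison.
                if (personalKind && iEP.getName().equalsIgnoreCase(iObject.getTitle()))
                {
                    continue; // skip inbox & favorites folders for their owners.
                }

                IExplicitRights iERights = iEP.getRights();
                IExplicitRoles iERoles = iEP.getRoles();
                if (iERights.size() == 0 && iERoles.size() == 0 && iEP.isInheritFolders() && iEP.isInheritGroups())
                    continue; // nothing to see here (no rights assigned, inheriting folders & groups)

                // Access levels (roles) go into one comma-separated column.
                StringBuilder roleTitles = new StringBuilder();
                for (Iterator<IExplicitRole> itERole = iERoles.iterator(); itERole.hasNext();)
                {
                    IExplicitRole iERole = itERole.next();
                    if (roleTitles.length() > 0)
                        roleTitles.append(',');
                    roleTitles.append(iERole.getTitle());
                }

                String outString = iEP.getName() + "\t" + iObject.getID() + "\t" + kind + "\t" + getObjectPath(iObject) + "\t"
                        + roleTitles + "\t"
                        + (iEP.isInheritFolders() ? "Y\t" : "N\t")
                        + (iEP.isInheritGroups() ? "Y\t" : "N\t");

                if (!showAdvancedDetail)
                {
                    // Just show count
                    System.out.println(outString + iERights.size());
                    continue;
                }
                if (iERights.size() == 0)
                {
                    // no advanced rights
                    System.out.println(outString);
                    continue;
                }

                for (Iterator<IExplicitRight> itRight = iERights.iterator(); itRight.hasNext();)
                {
                    IExplicitRight isRight = itRight.next();
                    // Copy of this right's descriptor; its scope is flipped below to look
                    // up the counterpart right in the same collection.
                    RightDescriptor iRD = new RightDescriptor(isRight.getRightDescriptor());
                    boolean displayIt = true;
                    String myScope;

                    // XI3 has separate access for Objects and SubObjects, and each one is a
                    // separate IExplicitRight. Matching pairs are collapsed into one line.
                    if (isRight.getRightDescriptor().scope.equals(CeSecurityOptions.RightScope.CURRENT_OBJECT))
                    {
                        iRD.scope = CeSecurityOptions.RightScope.DESCENDANTS;
                        IExplicitRight descendantRight = iERights.get(iRD);
                        if (descendantRight != null && descendantRight.isGranted() == isRight.isGranted())
                            myScope = "Object & Subobjects";
                        else // descendants are unassigned or have different access
                            myScope = "Object only";
                    }
                    else
                    {
                        // Scope is "descendants": print only if the object-level right is
                        // unassigned or differs; a matching pair was already reported as
                        // "Object & Subobjects".
                        iRD.scope = CeSecurityOptions.RightScope.CURRENT_OBJECT;
                        IExplicitRight objectRight = iERights.get(iRD);
                        myScope = "Subobjects only";
                        if (objectRight != null && objectRight.isGranted() == isRight.isGranted())
                            displayIt = false;
                    }

                    if (displayIt)
                        System.out.println(outString + (isRight.isGranted() ? "Granted\t" : "Denied\t") + myScope + "\t" + isRight.getDescription(Locale.getDefault()));
                }
            }
        }
        return maxID;
    }

    /**
     * Builds the full path of an object by walking up its parents until a "Folder" is
     * reached, then prepending that folder's own path segments.
     *
     * <p>NOTE(review): the loop ends only when an ancestor of kind "Folder" is found;
     * what {@code getParent()} does for an object with no such ancestor is not visible
     * here and should be confirmed.
     *
     * @param inObject the object to describe
     * @return the path; if the folder's path cannot be read, a fallback of the form
     *         {@code <folder id>/partial path}
     * @throws SDKException if a parent lookup or the folder query fails
     */
    static String getObjectPath(IInfoObject inObject)
            throws SDKException
    {
        IInfoObject oIO = inObject;
        String path = "";
        while (true)
        {
            if ("Folder".equals(oIO.getKind()))
            {
                // Re-query the folder so that its "si_path" info is loaded.
                oIO = (IInfoObject) infoStore.query("select si_id,si_path from CI_infoobjects,ci_systemobjects,ci_appobjects where si_id = " + oIO.getID()).get(0);
                path = oIO.getTitle() + path;
                try
                {
                    if (oIO.getParentID() != 0)
                        for (String pathPart : ((IFolder) oIO).getPath())
                            path = pathPart + "/" + path;
                }
                catch (Exception e)
                {
                    // Best effort: keep the report going with the folder ID as a marker.
                    // path already starts with the folder title, so it is not appended
                    // again (the original repeated it at the end of the string).
                    return "<" + oIO.getID() + ">" + "/" + path;
                }
                return path;
            }

            // Not a folder: prepend this title so that ancestors end up to the left of
            // their children (the original appended, reversing the order whenever more
            // than one non-folder level was walked).
            path = "/" + oIO.getTitle() + path;
            oIO = oIO.getParent();
        }
    }
}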
joepeters (BOB member since 2002-08-29)