Content Studio Web Content Management System
SystemObject
SystemMarshalByRefObject
ContentStudioCSBase
ContentStudio.SecuritySecurityBase
ContentStudio.SecurityGlobalTrusteeRights
Assembly: CSServer5 (in CSServer5.dll) Version: 5.7.5016.0 (5.7.5016.0)
Top
Top
Top
Global group admin trustee right is required to update any global trustee rights.
Global trustee rights defines general permission that applies to a trustee in Content Studio.
Certain permissions, such as use the administrative interface or having permission to write ASPX-code,
cannot be set on a certain object such as a document.
Instead a number of global rights defines these permissions and they can be compared with policies and rights in Windows.
Currently trustee rights can only be set on registered groups and applies for every member of the group. E.g. In order to be able to write ASPX-code the caller must be a member in at least one group that has the WriteActiveContent right set.
The following sample shows how the select out a group registered in Content Studio, check if it has the right to
use the administrative interface set and if not, gives the group this right.
The next example you can use the LookupAccountSID(ConnectionId, SessionId, String, AccountType) method to
perform a sid based search instead. As an alternative you might like to use the Verify(ConnectionId, SessionId, String) method to find the group,
which, in addition to returning the group id, has the advantage that it will register the group if not registered.
[This is preliminary documentation and is subject to change.]
Reads and sets the global rights for trustee accounts in Content Studio.
Inheritance Hierarchy
SystemMarshalByRefObject
ContentStudioCSBase
ContentStudio.SecuritySecurityBase
ContentStudio.SecurityGlobalTrusteeRights
Namespace: ContentStudio.Security
Assembly: CSServer5 (in CSServer5.dll) Version: 5.7.5016.0 (5.7.5016.0)
Syntax
The GlobalTrusteeRights type exposes the following members.
Constructors
Name | Description | |
---|---|---|
GlobalTrusteeRights | Initializes a new instance of the GlobalTrusteeRights class |
Properties
Name | Description | |
---|---|---|
ForceLDAPLevel |
Retrieves the ForceLDAPLevel debug setting
(Inherited from SecurityBase.) | |
UseNetBiosDomainBinding |
Gets a value that indicates whether the NetBiosDomain name should be included when binding the user SID to Active Directory.
(Inherited from SecurityBase.) |
Methods
Name | Description | |
---|---|---|
CreateObjRef | (Inherited from MarshalByRefObject.) | |
Equals | (Inherited from Object.) | |
Finalize | (Inherited from Object.) | |
GetHashCode | (Inherited from Object.) | |
GetLifetimeService | (Inherited from MarshalByRefObject.) | |
GetRights(ConnectionId, SessionId, GlobalRights) |
Returns the effective global rights for a trustee.
| |
GetRights(ConnectionId, SessionId, Int32, AccountType, GlobalRights) |
Returns the effective global rights for a trustee.
| |
GetRights(ConnectionId, SessionId, String, Int32, String) |
Returns the effective global rights for a trustee.
| |
GetType | (Inherited from Object.) | |
InitializeLifetimeService | (Inherited from MarshalByRefObject.) | |
MemberwiseClone | (Inherited from Object.) | |
MemberwiseClone(Boolean) | (Inherited from MarshalByRefObject.) | |
SetRights(ConnectionId, SessionId, Int32, AccountType, GlobalRights) |
Sets new global rights to a trustee
| |
SetRights(ConnectionId, SessionId, String, Int32, String) |
Sets new global rights to a trustee
| |
ToString | (Inherited from Object.) |
Content Studio permissions
Remarks
Currently trustee rights can only be set on registered groups and applies for every member of the group. E.g. In order to be able to write ASPX-code the caller must be a member in at least one group that has the WriteActiveContent right set.
Examples
try { TrusteeSearcher ts = new TrusteeSearcher(); int max = 1; //the name is unique int GroupID = 0; //Get the group first using (StringReader SR = new StringReader(ts.FindTrustees(CS_ConnectionId, CS_SessionId, AccountType.Group, @"CS\Editors", ref max))) { XmlReader XReader = XmlReader.Create(SR); if (XReader.ReadToFollowing("id")) GroupID = XReader.ReadElementContentAsInt(); } if (GroupID == 0) throw new Exception("Not registered in Content Studio"); //Get its current rights GlobalRights rights; GlobalTrusteeRights glor = new GlobalTrusteeRights(); glor.GetRights(CS_ConnectionId, CS_UserSessionId, out rights); //make sure that the group are allowed to use the admin interface if ((rights & GlobalRights.Logon) != GlobalRights.Logon) { //Not set, thus update rights |= GlobalRights.Logon; glor.SetRights(CS_ConnectionId, CS_UserSessionId, GroupID, AccountType.Group, rights); } Response.Write("Success"); } catch (Exception ex) { Response.Write(ex.GetType().ToString() + ": " + ex.Message); }
try { int GroupID = 0; //Get the group first NTAccount acc = new NTAccount("CS\\Editors"); SecurityIdentifier sid = (SecurityIdentifier)acc.Translate(typeof(SecurityIdentifier)); AccountType act; TrusteeSearcher ts = new TrusteeSearcher(); int GroupID = ts.LookupAccountSID(CS_ConnectionId, CS_UserSessionId, sid.Value, out act); if (GroupID == 0) throw new Exception("Not registered in Content Studio"); //Get its current rights GlobalRights rights; GlobalTrusteeRights glor = new GlobalTrusteeRights(); glor.GetRights(CS_ConnectionId, CS_UserSessionId, GroupId, AccountType.Group, out rights); //make sure that the group are allowed to use the admin interface if ((rights & GlobalRights.Logon) != GlobalRights.Logon) { //Not set, thus update rights |= GlobalRights.Logon; glor.SetRights(CS_ConnectionId, CS_UserSessionId, GroupID, AccountType.Group, rights); } Response.Write("Success"); } catch (Exception ex) { Response.Write(ex.GetType().ToString() + ": " + ex.Message); }
See Also