How to Check if a User Has Permissions for a Resource

 

Updated: November 1, 2013

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 R2 Configuration Manager

In System Center 2012 R2 Configuration Manager, you can check whether a user has permission for a resource using the GetCollectionsWithResourcePermissions method in the SMS_RbacSecuredObject class.

System_CAPS_importantImportant

The SMS_SecuredObject Server WMI Class contains a list of available permissions.

To check if a user has permissions for a resource

  1. Create a dictionary object to pass object name and permissions to check for to the GetCollectionsWithResourcePermissions Method in Class SMS_RbacSecuredObject.

  2. The method returns true, if the user has the permissions.

Example

The following example checks to see if the user has resource permissions.

public bool CheckUserPermissions(ConnectionManagerBase connectionManager, string resourceID)
{
    bool result = false;
    int iId = 0;
    IResultObject outParams = null;
    if (int.TryParse(resourceID, out iId) == false)
    {
        throw new ArgumentException("Invalid resource ID");
    }
    //ControlAMT permissions.
    int controlAMT = 0x1000000;
    try
    {
        Dictionary<string, object> inParams = new Dictionary<string, object>();
        inParams["Permissions"] = controlAMT;
        inParams["ResourceID"] = iId;
        outParams = connectionManager.ExecuteMethod("SMS_RbacSecuredObject", "GetCollectionsWithResourcePermissions", inParams);
        if (outParams != null)
        {
            //If the return value equals 0 and the array is not empty, the user has the resource permissions.
            if (outParams["ReturnValue"].IntegerValue == 0 && outParams["CollectionIDs"].StringArrayValue.Length != 0)
            {
                result = true;
            }
        }
    }
    finally
    {
        if (outParams != null)
        {
             outParams.Dispose();
        }
    }
    return result;
}

The example method has the following parameters:

Parameter

Type

Description

connection

  • Managed: connectionManager

A valid connection to the SMS Provider.

resourceID

String

Unique ID, supplied by Configuration Manager, for the resource.

Compiling the Code

The C# example requires:

Microsoft.ConfigurationManagement.ManagementProvider

Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine

System

adminui.wqlqueryengine

microsoft.configurationmanagement.managementprovider

mscorlib

Robust Programming

For more information about error handling, see About Configuration Manager Errors.

Show: