User group usage

(Mitchell Essex) #1

I was trying to find out if a user group permissions had been applied to any part of the site and I wasn't able to find it.

 

I thought it should be either on the linking screen for the group as a notice link (which it isn't) or there should be a "usage" screen like for designs.

 

How do other people find out where a groups permissions have been applied?

 

I realise a simple SQL statement could return the results I am after but we no longer have access to the database.

(Robin Shi) #2

We created a testing account into the group and login as the test user, then access to an asset listing which lists the assets that the user group has the admin/write permission.

As the permission is granted with/without cascading, the listed assets are messy. it gives some info though.

(Mitchell Essex) #3

Hi Robin,

 

I think it is messy anyway you do it

 

I could just do an asset listing showing either assetid/name or url and the admin users or write users

 

%asset_url% %asset_admin_permission% or %asset_write_permission%

 

but we really want to go the other way and just see it from the user group page.

 

It looks like this has been asked before http://forums.squizsuite.net/index.php?showtopic=9660 so it might be something for the road map.

(Robin Shi) #4

It would be a solution if you only use Matrix user accounts, but we are using LDAP bridge, which doesn't help much.

(Aleks Bochniak) #5

None of these solutions are scalable if you have tens of thousands of assets!

(Kbull) #6

Hey Mitch
Did you end up with getting a report?

I'm after something similar:

 

1. List of User Groups and whose in them

2. List of Site assets with what User Group has write and admin

(Evan Wills) #7

Hi kbull 
We came up with a slow and ugly but very effective way of listing users within user groups:

  • Create an asset listing that lists:
        User
        Backend User
        User Group
        System Administrator
        System Administrators
        Folder
        LDAP User
        LDAP Backend User
        LDAP Simple Edit User

  • Point that asset listing to the top level user group or folder you want to list

  • Set “Minimum Depth/Height” to
    1
    and “Maximum Depth/Height” to
    1
    to ensure you’re only listing 1 level at a time.

  • Use custom display formats for “user group” and “folder” assets. with a nested div to nest sub listings
    	<li>
    
<strong>%asset_name%</strong> (#%asset_assetid% - %asset_type%)
    

    	
    
Nested asset div to nest the clone of the asset listing.
    

    	
    
</li>
  • Clone the asset listing under itself

  • In the clone set “Dynamic Parameters” to:
    Parameter:
    Replacement Root node for the listing (must be a child of the static root node)
    Source:
    SESSION Variable
  • In the clone set “Dynamic Parameters” Source SESSION Variable Name
    list_current_asset_id
  • In the top level (first one you created), in both the “user group” and “folder” custom types:
    list the Name of the group/folder (I also list the asset ID and the Asset type)
    nest the second level (the first clone) in both the “user group” and “folder” custom types.
    I aslo wrap it all in <LI> tags to create a hierarchical listing

  • In the second level (the clone), in both the “user group” and “folder” custom types: nest the clone (itself) (this makes the clone listing recursive - i.e. it lists itself when it hits a group or folder)
This will give you a very slow but infinitely deep (or at least as deep as your permissions tree) listing of users and the groups they belong to.
 
It doesn’t (and I can’t work how you might) list what assets those users/groups have rights to.