User group usage

mitch · October 4, 2013, 4:25am

I was trying to find out if a user group permissions had been applied to any part of the site and I wasn't able to find it.

I thought it should be either on the linking screen for the group as a notice link (which it isn't) or there should be a "usage" screen like for designs.

How do other people find out where a groups permissions have been applied?

I realise a simple SQL statement could return the results I am after but we no longer have access to the database.

robin_shi · October 4, 2013, 4:56am

We created a testing account into the group and login as the test user, then access to an asset listing which lists the assets that the user group has the admin/write permission.

As the permission is granted with/without cascading, the listed assets are messy. it gives some info though.

mitch · October 4, 2013, 5:49am

Hi Robin,

I think it is messy anyway you do it

I could just do an asset listing showing either assetid/name or url and the admin users or write users

%asset_url% %asset_admin_permission% or %asset_write_permission%

but we really want to go the other way and just see it from the user group page.

It looks like this has been asked before http://forums.squizsuite.net/index.php?showtopic=9660 so it might be something for the road map.

robin_shi · October 4, 2013, 7:17am

It would be a solution if you only use Matrix user accounts, but we are using LDAP bridge, which doesn't help much.

aleks · October 4, 2013, 8:20am

None of these solutions are scalable if you have tens of thousands of assets!

kbull · October 9, 2013, 9:44pm

Hey Mitch
Did you end up with getting a report?

I'm after something similar:

1. List of User Groups and whose in them

2. List of Site assets with what User Group has write and admin

evanwills · March 6, 2014, 10:11pm

Hi kbull
We came up with a slow and ugly but very effective way of listing users within user groups:

Create an asset listing that lists:
    User
    Backend User
    User Group
    System Administrator
    System Administrators
    Folder
    LDAP User
    LDAP Backend User
    LDAP Simple Edit User
Point that asset listing to the top level user group or folder you want to list
Set “Minimum Depth/Height” to
```
1
```
and “Maximum Depth/Height” to
```
1
```
to ensure you’re only listing 1 level at a time.

Use custom display formats for “user group” and “folder” assets. with a nested div to nest sub listings

	<li>

<strong>%asset_name%</strong> (#%asset_assetid% - %asset_type%)

	

Nested asset div to nest the clone of the asset listing.

	

</li>

Clone the asset listing under itself

In the clone set “Dynamic Parameters” to:
Parameter:

Replacement Root node for the listing (must be a child of the static root node)

Source:

SESSION Variable

In the clone set “Dynamic Parameters” Source SESSION Variable Name
```
list_current_asset_id
```
In the top level (first one you created), in both the “user group” and “folder” custom types:
list the Name of the group/folder (I also list the asset ID and the Asset type)
nest the second level (the first clone) in both the “user group” and “folder” custom types.
I aslo wrap it all in <LI> tags to create a hierarchical listing
In the second level (the clone), in both the “user group” and “folder” custom types: nest the clone (itself) (this makes the clone listing recursive - i.e. it lists itself when it hits a group or folder)

This will give you a very slow but infinitely deep (or at least as deep as your permissions tree) listing of users and the groups they belong to.

It doesn’t (and I can’t work how you might) list what assets those users/groups have rights to.