Few days back I had read the chapter on Aliases. Since then I was eager to play with them. Ultimately I got my game plan ready. It was not a full-fledged plan which could give me a result but it was good enough for an initiative. I like flexible plans so that I can make changes as and when I feel, according to my comfort. Okay, lets stop the gossip and let the game start.
Setting up the field:
I will be using ACL Template to play with Aliases. As I am using ACL Template, I will also be requiring a set of users and objects.
As a first step I use the following DQL query to create a user.
create dm_user objectset home_docbase = 'ASSAPArchive',set user_os_domain = 'infch02088',set user_name = 'TestUser1',set user_os_nam e= 'TestUser1',set user_source = 'inline password',set user_password = 'TestUser1'
Similar DQL queries were used to create four more users TestUser2, TestUser3, TestUser4 and TestUser5.
I like users to be part of a group.
CREATE GROUP TestUserGroupWITH MEMBERS(SELECT user_nameFROM dm_userWHERE user_name like 'TestUser%')
No need to worry; there are no additional users with similar name in my repository. Now I have a group named TestUserGroup and it has five members named TestUser1,…..TestUser5.
Till here it was pretty easy. Isn’t it? But the game has not started yet. I am just arranging the players at their respective positions.
Before I create the ACL Template, I will need the Alias Set with the Alias that has to be used in the ACL Template.
CREATE dm_alias_set OBJECTSET object_name = 'TestUserAlias';
UPDATE dm_alias_set OBJECTSAPPEND alias_name = 'TestUser',APPEND alias_value = 'TestUser1',APPEND alias_category = 1,APPEND alias_usr_category = 1,APPEND alias_description = 'Testing alias in ACL Template'WHERE object_name = 'TestUserAlias';
Now I can go ahead with the creation of ACL Template. ACL Template is not same as ACL. It is actually a kind of ACL where aliases are used in place of users/groups. When such an ACL is applied to an object at runtime, the content server resolves the alias and creates a custom ACL with the resolved users/groups and the permissions in the ACL Template. ACL Template can be recognized as objects of dm_acl with acl_class = 1.
Below is the screen shot for the ACL Template created through Application Builder.
The field is set now.
Users : TestUser1, TestUser2, TestUser3, TestUser4, TestUser5.
Group : TestUserGroup
Alias Set Name : TestUserAlias
Alias Name : TestUser
ACL Template : TestACLTemplate
The Game Begins:
Let me go ahead with objects (of type dm_document) creation and apply the Template ACL to them.
CREATE dm_document objectSET object_name = 'TestObject1',SET acl_name = 'TestACLTemplate'SET acl_domain = 'ASSAPArchive'LINK '/dmadmin'
[DM_QUERY_F_UP_SAVE]fatal: “UPDATE: An error has occurred during a save operation.”
[DM_POLICY_E_AS_NO_ALIAS_SET_USER]error: “No default alias set found for user dmadmin. The following alias sets were searched: sessionconfig, user, user’s default group, server config, and policy (if applicable)”
Let me associate the Alias Set with the user, else there is no way the Alias can be resolved.
UPDATE dm_user OBJECTSET alias_set_id =(SELECT r_object_idFROM dm_alias_setWHERE object_name = 'TestUserAlias')WHERE user_name = 'dmadmin'
The Alias Set is associated with the user. Once again I use the previously used DQL query for creating a dm_document object and applying the ACL Template to it. This time I was successful.
Lets check the permissions in the property page of the newly created object. A new custom ACL named dm_450003f080001517_80001100 is created and assigned to the object. It should be noted that the r_object_id of the ACL Template is 450003f080001517. Below is the screen shot of the property page. The new ACL has the resolved user name from the Alias Set.
The first part of the game is over. Now I need to change the user in the Alias set and check whether the change is reflected in the permissions of the new object.
UPDATE dm_alias_set OBJECTSET alias_value = 'TestUser2'WHERE object_name = 'TestUserAlias'
The change in Alias Set is reflected in the object’s permission. So, a successful implementation of Alias Set is achieved. But a single Alias Set is not of much help in a practical scenario. Let me create one more Alias Set.
CREATE dm_alias_set OBJECTSET object_name = 'TestUserAlias1'APPEND alias_name = 'TestUser',APPEND alias_value = 'TestUser1',APPEND alias_category = 1,APPEND alias_usr_category = 1,APPEND alias_description = 'Testing alias in ACL Template'
The newly created Alias Set is now applied to the user dmadmin. Next time I created an object named TestObject2 and applied the ACL Template to it; the resolved user was as per the new Alias Set. Now I have two objects on which I had applied the same ACL Template and both have different users in their custom permission sets.
This situation is achieved because the Alias Set associated with dmadmin was changed before applying the ACL Template to the new object. Am I going to change the Alias set of dmadmin every time I apply the ACL Template to an object? That doesn’t appear to be a good idea. Further If due to some reason I need to reassign the ACL Template to the older object I may be into serious trouble.
The Alias Set was created and implemented along with the ACL Template. But the approach was not satisfactory for the practical purposes. A new plan has to be devised. Let me take a break now. I will be back with the new plan soon.
- Using Alias Sets Part 1 by Glen Tarrant
- Using Alias Sets Part 2 by Glen Tarrant
- Permission Set Templates – Friend or Foe? Part 1 by johnnygee
- Permission Set Templates – Friend or Foe? Part 2 by johnnygee