Is it possible to leverage a system account, impersonate, or runas in VBA? We have a situation where we need VBA to programmatically create folders in an area where the user does not have rights to do so. An example would be very helpful. TIA
Hi Gary,
I am pretty sure (off-hand) it's not possible. Your question touches basic security concepts. VBA is designed to run in application encapsulation and it's not intended to interact with underlying OS too much and for sure not using different (even elevated) access rights. In such case you probably don't have to care about security at all, because it will be not security bug, but huge security hole.
In my opinion a workaround can be to move the responsibility to another script (shell command, script etc.) that will be started from VBA (use Call Shell) and will run using different user rights. But it's not MicroStation specific question so you should check VBA and Windows discussion forums and sources (see e.g. this or this discussions). I guess in any case a user will have to accept UAC dialog to allow the script to be run.
At the same time I have to say in my opinion the question is completely wrong, because if an application requires special priviledges, it's design or implementation problem. And they can hardly be consistently solved by code in a system manner.
With regards,
Jan
Bentley Accredited Developer: iTwin Platform - AssociateLabyrinth Technology | dev.notes() | cad.point
Unknown said:But respectfully disagree.
Yes, these types of discussions are very opinion based ;-)
Regards,
Unknown said:Is it possible to leverage a system account, impersonate, or runas in VBA?
Clearly a question for Microsoft Forum, not a MicroStation Forum. For example...
Intuitively the answer is 'no' because VBA is designed to automate user actions in a Windows application. Windows should prohibit the code from taking any action that the owning process couldn't also take.
Regards, Jon Summers LA Solutions