How to remove all inherited access control items?

I am, at last, starting to make progress with wrapping access control in C#. Success with aaApi_SelectAccessControlItems and success with aaApi_RemoveAccessList. One huge problem though. These methods are only finding specifically applied access control items. I am not getting the inherited control items. How do I remove all inherited access control items?

Thx for your patience.

Kevin

  • Kevin,

    To select inherited access control items you can use aaApi_SelectAccessControlItems2().

    You cannot "remove" inherited access control items, well, because they are inherited. If an object doesn't have any applied access control items, then it inherits them from its parent (see the documentation for the two security models that ProjectWise uses - i.e. workflow and object for the details). If an object has one or more applied access control items, then it no longer inherits any from its parent, so you can't select them with aaApi_SelectAccessControlItems().

    If you want to change the access control items on an object, you basically have to determine what you want the access control items to be, and then apply them with aaApi_ApplyAccessControlList(). Note that doing so removes all existing applied access control items, so that means that your list must contain the access control items that you want to retain as well as those that you want to add or change.  And if you want the object to inherit the access control items from its parent, then you simply remove all of the applied access control items from the object, but don't use aaApi_RemoveAccessList() as that has been deprecated (see the documentation for details).

    Keep in mind that when you change an object's access control items, then any child objects will inherit the change or keep the existing access control items depending on the parameter SubItemAccessFlags that you set when you call aaApi_ApplyAccessControlList().

    FWIW, when I have had to deal with adding, removing, or changing security on objects, I found doing so much "easier" (for me) to do it in native code (C++). To do it from C#, I create a native DLL with "helper" functions that do the things I want to do, but at a "higher" logical level, so that I can invoke those helper functions from a C# application without having to deal with all the marshaling, etc. that you will need to do otherwise. You might find that approach a bit easier to implement as well, but if you can handle all the necessary marshaling, etc., then go for it!

    Good luck!

    Answer Verified By: Kevin 
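
The inheritance and replace-on-apply behaviour described in the answer above, as an added C++ model that is not part of the original thread and does not call the ProjectWise API. The `Node`/`Acl` types, the function names, the member names and the masks are all assumptions made for illustration; `SubItemAccessFlags` propagation is not modelled.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <vector>

// Simplified model (assumption): one access mask per member, one parent per object.
using Acl = std::map<std::string, std::uint32_t>;   // member name -> access mask

struct Node {
    int parent;    // index of the parent object, -1 for the root
    Acl applied;   // explicitly applied items; empty means "inherit from parent"
};

// Effective items: those of the nearest object, walking upward, that has applied items.
Acl effectiveAcl(const std::vector<Node>& tree, int id) {
    while (id >= 0 && tree[id].applied.empty()) id = tree[id].parent;
    return id >= 0 ? tree[id].applied : Acl{};
}

// Models the replace-all behaviour the answer describes for
// aaApi_ApplyAccessControlList(): previously applied items are discarded.
void applyAcl(std::vector<Node>& tree, int id, const Acl& fullList) {
    tree[id].applied = fullList;
}

// Build the complete list to apply: start from what is in effect now,
// overlay additions and changes, then drop the members that should lose access.
Acl buildFullList(const Acl& current, const Acl& changes,
                  const std::vector<std::string>& removals) {
    Acl out = current;
    for (const auto& kv : changes) out[kv.first] = kv.second;
    for (const auto& member : removals) out.erase(member);
    return out;
}

// Constructed sample hierarchy: root(0) -> project(1) -> folder(2).
// Only the root has applied items, so project and folder inherit them.
std::vector<Node> sampleTree() {
    return { {-1, {{"Admins", 0xFF}, {"Staff", 0x03}}}, {0, {}}, {1, {}} };
}
```

In this model, dropping an inherited item from one object means applying an explicit list that omits it, and applying an empty list returns the object to inheriting from its parent.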

  • Thanks Dan for the in-depth help. With all the info you provided here, I should now be able to complete the dev needed from here. Thanks again.

  • YES YES YES! At Last! Dan! It's all working ... :) I now have complete control over access control items in my dev ... Yeah! THANK YOU!