Select to view content in your preferred language

Grant View Privileges and Revoke Edit Privileges Simultaneously in Change Privileges Tool

627
2
12-17-2012 02:54 PM
Status: Open
Labels (1)
NathanHeick2
Deactivated User

The geoprocessing tool Change Privileges should support the parameter combination View = "GRANT" and Edit = "REVOKE".  Currently, the tool will only validate for revoking editing privileges using the parameters View = "AS_IS" and Edit = "REVOKE".  I understand that you can't have edit privileges without SELECT privileges first, but the combination makes sense to me.  In the end, I want viewing privileges, but not editing privileges.  There isn't any ambiguity in the final result I am looking for with those parameters.  To accomplish this now, I have to revoke the editing privileges using View = "AS_IS" and Edit = "REVOKE" and then grant viewing privileges using View = "GRANT".  This takes two steps that could be combined into the logic of the geoprocessing tool instead.

2 Comments
NathanHeick2
One reason this is important is that when I run the script, I don't know if anyone has modified the dataset privileges to grant editing privileges.  No matter what may have happened during the development of our new system, I want to set or reset the privileges to what they should be, either editing or viewing.
julian_inskip

Wow, this is an old post and still not yet implemented. I wonder if there is a specific reason for this?

I just came across this scenario where I had edit privileges for feature classes for some users but they were only meant to have view privileges. 

I could have used the "AS-IS" and "REVOKE" option, but there might be a scenario where there are some feature classes the the user needs view privilege on, but it has not yet been set. In this case, "AS-IS" will not grant view privilege for these feature classes.

My work-a-round is if view only is needed, I revoke both view and edit privilege and then set them as GRANT and AS-IS.

Here is a snippet of the code that I use (I am actually getting the settings from an xlsx file that I create a dictionary from):

for fc, fc_details in permissions_dict.items():
    for user, privileges in fc_details.items():
        privilege_level = None
        view_privilege = 'AS_IS'
        edit_privilege = 'AS_IS'
        if privileges['UPDATE'] == 'GRANT':
            privilege_level = 'edit'
            view_privilege = 'GRANT'
            edit_privilege = 'GRANT'
        elif privileges['SELECT'] == 'GRANT' and privileges['UPDATE'] != 'GRANT':
            privilege_level = 'view'
            view_privilege = 'GRANT'
            edit_privilege = 'AS_IS'
        print(f"{fc} ||> {user}  ||> VIEW: {view_privilege}  ||> EDIT: {edit_privilege}")

        if privilege_level == 'view':
            # There is no "REVOKE" option for edit privilege so the view and edit
            # privilege must be REVOKED first before the view privilege can be granted
            arcpy.management.ChangePrivileges(in_dataset=fc, user=user, View='REVOKE', Edit='REVOKE')
        arcpy.management.ChangePrivileges(in_dataset=fc, user=user, View=view_privilege, Edit=edit_privilege)