I understand the impersonation requirement now. I have actually been able to
create a web reference to the correct asmx Security. I am trying to make the
call to CheckUserGlobalPermission(requires GUID) and returns a bool. I do
not know what to pass this method in the form of guid. If I use the
Project.Server.Library PSSecurityGlobalPermission I get an error for no
reference or assembly available. I have the Microsoft.Office.InterOp... but
not the Microsoft.Office.Project.Server.Library. I think this is because I
am using VSTO.
:
Hi Powers,
Regarding impersonation - I refered you to a method called ReadGroupList -
executing this method requires certain permissions on the server, which your
current user might not have (Manage Project Server security and/ or Manage
Project Server users and groups categories).
For this call to succeed you will need to execute this method using
impersonation to a user that has the needed permissions.
Regarding the reference to the security web service - I assume you checked
this sample link -
http://msdn.microsoft.com/en-us/library/aa974321.aspx.
Are you getting an error message while trying to add a web reference to the
service (the url should look like
http://YourServerName/YourProjectServerName/_vti_bin/psi/Security.asmx)?
The meaning of the namespace is just the name of the proxy class that will
be created by the new web reference addition.
:
Also. I don't understand the meaning of this: Namespace: [Security Web
service]
Web reference:
http://ServerName/ProjectServerName/_vti_bin/psi/Security.asmx. How do I
create the Namespace for the Security Web Service? Isn't it already created?
:
Sorry it took so long for me to get back to you here. I have been trying to
use the websvcsecurity. Unfortunately, I can't get the reference declared.
It seems like a network security issue, but I have been told that I should
have adequate permissions to declare the reference. I have to get back to
this. I was taken away for a few days. I will get back to you after looking
at this some more. Thanks a lot for your input. That is what I need to do.
:
Hi Powers,
There are 2 solutions I can recommend you should use - using the PSI
security service:
1. Get the list of Administrators group members and see of the current user
is located in it - the method to use is ReadGroup
(
http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgroup.aspx).
This method requires knowledge of the group's GUID, you can get it from the
method ReadGroupList
(
http://msdn.microsoft.com/en-us/library/websvcsecurity.security.readgrouplist.aspx).
Since this call requires certain permissions you might need to make this
call using impersonation to an admin user.
2. An easier way to get details, that might help is using
CheckUserGlobalPermission method of Security PSI service
(
http://msdn.microsoft.com/en-us/library/websvcsecurity.security.checkuserglobalpermission.aspx).
This method checks if a user has a specific permission on the server.
It requires an assumption that the permission to check is used only by
admins, and if your server is configured with default settings it should be
enough.
Permissions you can check are:
- Manage server configuration settings
- Manage security categories, security templates, and user authentication
settings
Full categories list can be found here -
http://msdn.microsoft.com/en-us/lib...ibrary.pssecurityglobalpermission_fields.aspx.
HTH
:
Thanks for responding. I was hoping to just programatically verify that the
user is a member of the admin group and therefore be able to delete any
tasks. All others would not be allowed to delete any baseline tasks. I have
coded the Add-In in C# and wanted to simply add an if statement using
possibly the Systems or Security Class object accessing the permissions for
Project Server 2007. I have been looking through the documentation and have
not yet been able to find such a class or method. I can use the password
option, if I have to, but it would be one more step for the admin to take.
Also, are you suggesting that I add this pop up for everyone to either
by-pass or enter the password when trying to delete tasks? I have allowed
the user to select any number of tasks, either summary or not. The fact that
each selected task has to run through my code has been a challenge in itself.
I will need to verify the user each time a task is passed through the event.
Please let me know if you have knowledge of any method/class I can use for
this purpose. Thanks a bunch for your time.
:
How about a password request when a baseline task is deleted? Or a macro
that users can run which would set a registry value?
I need to allow the admin people rights to by-pass an addin I have created
to
stop people from being able to delete baseline tasks.
I am looking for information for coding with the security class in MS
Project 2007.