How to Check if a User Has Permissions for a Resource

In System Center 2012 Configuration Manager, you can check whether a user has permission for a resource using the GetCollectionsWithResourcePermissions method in the SMS_RbacSecuredObject class.

Important
The SMS_SecuredObject Server WMI Class contains a list of available permissions.

To check if a user has permissions for a resource

Create a dictionary object to pass object name and permissions to check for to the GetCollectionsWithResourcePermissions Method in Class SMS_RbacSecuredObject.
Call the GetCollectionsWithResourcePermissions Method in Class SMS_RbacSecuredObject, passing in the dictionary object.
The method returns true, if the user has the permissions.

Example

The following example checks to see if the user has resource permissions.

C#	Copy Code
public bool CheckUserPermissions(ConnectionManagerBase connectionManager, string resourceID) { bool result = false; int iId = 0; IResultObject outParams = null; if (int.TryParse(resourceID, out iId) == false) { throw new ArgumentException("Invalid resource ID"); } //ControlAMT permissions. int controlAMT = 0x1000000; try { Dictionary<string, object> inParams = new Dictionary<string, object>(); inParams["Permissions"] = controlAMT; inParams["ResourceID"] = iId; outParams = connectionManager.ExecuteMethod("SMS_RbacSecuredObject", "GetCollectionsWithResourcePermissions", inParams); if (outParams != null) { //If the return value equals 0 and the array is not empty, the user has the resource permissions. if (outParams["ReturnValue"].IntegerValue == 0 && outParams["CollectionIDs"].StringArrayValue.Length != 0) { result = true; } } } finally { if (outParams != null) { outParams.Dispose(); } } return result; }

Copy Code

public bool CheckUserPermissions(ConnectionManagerBase connectionManager, string resourceID)
{
	bool result = false;
	int iId = 0;
	IResultObject outParams = null;
	if (int.TryParse(resourceID, out iId) == false)
	{
		throw new ArgumentException("Invalid resource ID");
}

	//ControlAMT permissions.
	int controlAMT = 0x1000000;

	try
	{
		Dictionary<string, object> inParams = new Dictionary<string, object>();
		inParams["Permissions"] = controlAMT;
		inParams["ResourceID"] = iId;

		outParams = connectionManager.ExecuteMethod("SMS_RbacSecuredObject", "GetCollectionsWithResourcePermissions", inParams);

		if (outParams != null)
		{
			//If the return value equals 0 and the array is not empty, the user has the resource permissions.
			if (outParams["ReturnValue"].IntegerValue == 0 && outParams["CollectionIDs"].StringArrayValue.Length != 0)
			{
				result = true;
		}
	}
}
	finally
	{
		if (outParams != null)
		{
			 outParams.Dispose();
	}
}

	return result;
}

The example method has the following parameters:

Parameter	Type	Description
connection	Managed: connectionManager	A valid connection to the SMS Provider.
resourceID	String	Unique ID, supplied by Configuration Manager, for the resource.

Compiling the Code

The C# example requires:

Namespaces

Microsoft.ConfigurationManagement.ManagementProvider

Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine

System

Assembly

adminui.wqlqueryengine

microsoft.configurationmanagement.managementprovider

mscorlib

Robust Programming

For more information about error handling, see About Configuration Manager Errors.