The OneStream Community is temporarily frozen until June 29th due to the ongoing maintenance. Please read the blog post here to learn more.

Forum Discussion

jesvam's avatar
jesvam
New Contributor III
1 year ago

Validate User DataCell Access in BR

Hi, is there a way to completely validate data cell access for a user in a BR using the api? I'm looking for something that would run the same logic as you would expect from a cube view, basically va...
Admin
MarcusH's avatar
MarcusH
Valued Contributor
1 year ago

I don't think there is anything in the API to give you precisely that ie for this user check if they have access to this intersection. The closest I can think of is to use the method UserCubeSliceRights. That will return a data table that lists the data access slices and whether the user is in the group. You will have to work out how to process it as the data access slice might be adding or removing access.

Dim ForUser as String = "myuser"
Dim thisDataTableName as string = "SliceAccess"
Using dbConnApp As DbConnInfo = BRApi.Database.CreateApplicationDbConnInfo(si)
    Using ds As DataSet = BRApi.Database.ExecuteMethodCommand(dbConnApp, XFCommandMethodTypeId.UserCubeSliceRights, "{" & ForUser & "}{AllCubes}{}", thisDataTableName, Nothing)
        If Not ds Is Nothing Then
            If ds.Tables.Count > 0 Then
                Dim dt As DataTable = ds.Tables(thisDataTableName).Copy
                For Each dr As DataRow In dt.Rows()
                    Dim memberFilter As String = dr("MemberFilter")
                    Dim userInGroup As String = dr("UserInGroup")
                    Dim bhvInGroupInFilter As String = dr("BehaviorInGroupInFilter")
                    ' Now process it
                Next
            End If
        End If
    End Using
End Using

I have pieced it together from another script but I think it should work.

jesvam's avatar
jesvam
New Contributor III
1 year ago

Thanks Marcus! Yeah this combined with XFCommandMethodTypeId.GroupsForUsers and then just validate all group against cube, scenario and entities would work but seems very convoluted for something that could just be a api method. 

  • jesvam's avatar
    jesvam
    New Contributor III
    1 year ago

    Actually this wouldn't even work when I think about it unless exceptions for administrator groups etc are handled. What I did was just to loop through the entities and make a list of the entities in access group scope by validating them against the Brapi.Security.IsInGroup method