def grant_privilege(
    self,
    privilege: Union[Union["Privilege", int, str], List[Union["Privilege", int, str]]]
) -> None:
    """Add project-level privileges to this Security Role.

    Server-level privileges in the request are never granted here: they are
    filtered out and reported through ``helper.exception_handler`` with
    ``exception_type=Warning``.

    Args:
        privilege: a privilege object, id or name, or a list of them
    """
    from mstrio.access_and_security.privilege import Privilege

    # Ids of every privilege the server lists as project-level.
    project_level = []
    for listed in Privilege.list_privileges(self.connection, to_dictionary=True,
                                            is_project_level_privilege='True'):
        project_level.append(listed['id'])

    # Resolve the caller's input, then split it by scope.
    validated = Privilege._validate_privileges(self.connection, privilege)
    server_level = list({entry['id'] for entry in validated} - set(project_level))
    grantable = helper.filter_list_of_dicts(validated, id=project_level)

    # These two lists only feed the log messages below; the update request
    # itself is sent for every project-level privilege that was asked for.
    wanted = set([entry['id'] for entry in grantable])
    held = set([obj['id'] for obj in self.privileges])
    succeeded = list(wanted - held)
    failed = list(held.intersection(wanted))

    if server_level:
        template = ("Privileges {} are server-level and will be omitted. Only project-level "
                    "privileges can be granted by this method.")
        helper.exception_handler(template.format(sorted(server_level)),
                                 exception_type=Warning)

    self._update_nested_properties(objects=grantable, path="privileges", op="addElement")

    if succeeded:
        # fetch the object properties and set object attributes
        self.fetch()
        if config.verbose:
            logger.info(f"Granted privilege(s) {succeeded} to '{self.name}'")
    if failed and config.verbose:
        logger.warning(f"Security Role '{self.name}' already has privilege(s) {failed}")
def create(cls, connection: Connection, name: str,
           privileges: Union[Union["Privilege", int, str], List[Union["Privilege", int, str]]],
           description: str = ""):
    """Create a Security Role that holds the given project-level privileges.

    Only project-level privileges are sent to the server. Server-level ones
    are dropped from the request and, once the role has been created,
    reported through ``helper.exception_handler`` with
    ``exception_type=Warning``.

    Args:
        connection(object): MicroStrategy connection object returned by
            'connection.Connection()'.
        name(string): Name of the Security Role
        privileges: Privilege objects or privilege IDs, single or in a
            list, to assign to the new role.
        description(string, optional): Description of the Security Role

    Returns:
        The newly created Security Role when the server response is ok;
        otherwise None.
    """
    from mstrio.access_and_security.privilege import Privilege

    # Ids of every privilege the server lists as project-level.
    listed = Privilege.list_privileges(connection, to_dictionary=True,
                                       is_project_level_privilege='True')
    project_level = [entry['id'] for entry in listed]

    # Resolve the caller's input, then keep only the project-level part.
    validated = Privilege._validate_privileges(connection, privileges)
    server_level = list({entry['id'] for entry in validated} - set(project_level))
    project_only = helper.filter_list_of_dicts(validated, id=project_level)

    body = {"name": name, "description": description, "privileges": project_only}
    response = security.create_security_role(connection, body)
    if not response.ok:
        return None

    if server_level:
        template = ("Privileges {} are server-level and will be omitted. Only project-level "
                    "privileges can be granted by this method.")
        helper.exception_handler(template.format(sorted(server_level)),
                                 exception_type=Warning)
    return cls(connection=connection, id=response.json()['id'])
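def revoke_privilege(
        self, privilege: Union[str, List[str], "Privilege", List["Privilege"]]) -> None:
    """Revoke project-level privileges from the Security Role.

    Server-level privileges in the request are not touched: they are
    filtered out and reported through ``helper.exception_handler`` with
    ``exception_type=Warning``.

    Args:
        privilege: list of privilege objects, ids or names
    """
    # get all project level privileges
    from mstrio.access_and_security.privilege import Privilege
    project_level = [
        priv['id'] for priv in Privilege.list_privileges(
            self.connection, to_dictionary=True, is_project_level_privilege='True')
    ]

    # validate and filter passed privileges
    privileges = Privilege._validate_privileges(self.connection, privilege)
    server_level = list({priv['id'] for priv in privileges} - set(project_level))
    privileges = helper.filter_list_of_dicts(privileges, id=project_level)

    # create lists for print purposes
    privilege_ids = [priv['id'] for priv in privileges]
    existing_ids = [obj['id'] for obj in self.privileges]
    succeeded = list(set(privilege_ids).intersection(set(existing_ids)))
    failed = list(set(privilege_ids) - set(succeeded))

    if server_level:
        # The message names the operation this method performs (revoke); it
        # previously said "granted", which misdescribed what was skipped.
        msg = (
            "Privilege(s) {} are server-level and will be omitted. Only project-level "
            "privileges can be revoked by this method.").format(sorted(server_level))
        helper.exception_handler(msg, exception_type=Warning)

    self._update_nested_properties(objects=privileges, path="privileges",
                                   op="removeElement")

    if succeeded:
        self.fetch()  # fetch the object properties and set object attributes
        if config.verbose:
            print("Revoked privilege(s) {} from '{}'".format(succeeded, self.name))
    # Independent of the branch above, so a partly successful call still
    # reports the requested privileges the role did not hold.
    if failed and config.verbose:
        print("Security Role '{}' does not have privilege(s) {}".format(self.name, failed))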
def grant_privilege(
        self, privilege: Union[str, List[str], "Privilege", List["Privilege"]]) -> None:
    """Grant privileges directly to the user.

    The requested privileges are resolved with
    ``Privilege._validate_privileges`` and compared against the ids returned
    by ``list_privileges(mode='GRANTED')``.

    Args:
        privilege: list of privilege objects, ids or names
    """
    from mstrio.access_and_security.privilege import Privilege

    validated = Privilege._validate_privileges(self.connection, privilege)
    requested_ids = [entry['id'] for entry in validated]

    granted_ids = []
    for item in self.list_privileges(mode='GRANTED'):
        granted_ids.append(item['privilege']['id'])

    succeeded, failed = self._update_nested_properties(requested_ids, "privileges", "add",
                                                       granted_ids)

    if succeeded:
        # fetch the object properties and set object attributes
        self.fetch('privileges')
        if config.verbose:
            print("Granted privilege(s) {} to '{}'".format(succeeded, self.name))
    if failed and config.verbose:
        print("User '{}' already has privilege(s) {}".format(self.name, failed))
def revoke_all_privileges(self, force: bool = False) -> None:
    """Revoke every project-level privilege this Security Role holds.

    Unless ``force`` is set, the caller is asked to confirm on stdin and
    only the exact answer ``'Y'`` proceeds; any other answer leaves the role
    unchanged. With ``force=True`` no confirmation is requested.

    Args:
        force(bool, optional): If true, overrides the prompt.
    """
    if not force:
        answer = input(
            "Are you sure you want to revoke all privileges from Security Role '{}'? [Y/N]: "
            .format(self.name))
        if answer != 'Y':
            return

    from mstrio.access_and_security.privilege import Privilege

    # Ids of every privilege the server lists as project-level.
    listed = Privilege.list_privileges(self.connection, to_dictionary=True,
                                       is_project_level_privilege='True')
    project_level = [entry['id'] for entry in listed]

    # Only privileges that are both project-level and currently on the role
    # are handed to revoke_privilege.
    held_ids = [obj['id'] for obj in self.privileges]
    to_revoke = list(set(project_level).intersection(set(held_ids)))

    if not to_revoke:
        print("Security Role '{}' does not have any privilege(s)".format(self.name))
        return
    self.revoke_privilege(privilege=to_revoke)
def grant_privilege(
        self, privilege: Union[str, List[str], "Privilege", List["Privilege"]]) -> None:
    """Grant privileges directly to the User Group.

    The requested privileges are resolved with
    ``Privilege._validate_privileges`` and compared against the ids returned
    by ``list_privileges(mode='GRANTED')``.

    Args:
        privilege: List of privilege objects, ids or names
    """
    from mstrio.access_and_security.privilege import Privilege

    requested_ids = []
    for entry in Privilege._validate_privileges(self.connection, privilege):
        requested_ids.append(entry['id'])

    granted_ids = []
    for item in self.list_privileges(mode='GRANTED'):
        granted_ids.append(item['privilege']['id'])

    succeeded, failed = self._update_nested_properties(requested_ids, "privileges", "add",
                                                       granted_ids)

    if succeeded:
        self.fetch('privileges')  # fetch the object privileges
        if config.verbose:
            logger.info(f"Granted privilege(s) {succeeded} to '{self.name}'")
    if failed and config.verbose:
        logger.warning(f"User Group '{self.name}' already has privilege(s) {failed}")
def revoke_privilege(self, privilege: Union[str, List[str], "Privilege",
                                            List["Privilege"]]) -> None:
    """Revoke privileges that were granted directly to the User Group.

    Requested privileges that the group holds but that are not in the
    ``mode='GRANTED'`` listing are treated as inherited: they are left in
    place and reported through ``helper.exception_handler`` with
    ``exception_type=Warning``.

    Args:
        privilege: List of privilege objects, ids or names
    """
    from mstrio.access_and_security.privilege import Privilege

    validated = Privilege._validate_privileges(self.connection, privilege)
    privileges = set([entry['id'] for entry in validated])

    existing_ids = []
    for item in self.list_privileges(mode='ALL'):
        existing_ids.append(item['privilege']['id'])
    directly_granted = set(
        [item['privilege']['id'] for item in self.list_privileges(mode='GRANTED')])

    # Revoke only what is both requested and directly granted.
    to_revoke = list(privileges.intersection(directly_granted))
    inherited_only = set(existing_ids) - directly_granted
    not_directly_granted = list(inherited_only.intersection(privileges))
    # NOTE(review): a requested id the group does not hold at all lands in
    # neither list above; whether it is reported anywhere depends on
    # _update_nested_properties - confirm.

    if not_directly_granted:
        # NOTE(review): "ommited" is misspelled in this runtime message.
        msg = (f"Privileges {sorted(not_directly_granted)} are inherited and will be "
               "ommited. Only directly granted privileges can be revoked by this method.")
        helper.exception_handler(msg, exception_type=Warning)

    succeeded, failed = self._update_nested_properties(to_revoke, "privileges", "remove",
                                                       existing_ids)

    if succeeded:
        self.fetch('privileges')  # fetch the object privileges
        if config.verbose:
            print("Revoked privilege(s) {} from '{}'".format(succeeded, self.name))
    if failed and config.verbose:
        print("User group '{}' does not have privilege(s) {}".format(self.name, failed))
def revoke_privilege(
        self, privilege: Union[str, List[str], "Privilege", List["Privilege"]]) -> None:
    """Revoke privileges that were granted directly to the user.

    Requested privileges that the user holds but that are not in the
    ``mode='GRANTED'`` listing are treated as inherited: they are left in
    place and reported through ``helper.exception_handler`` with
    ``exception_type=Warning``.

    Args:
        privilege: list of privilege objects, ids or names
    """
    from mstrio.access_and_security.privilege import Privilege

    validated = Privilege._validate_privileges(self.connection, privilege)
    privileges = {entry['id'] for entry in validated}

    existing_ids = []
    for item in self.list_privileges(mode='ALL'):
        existing_ids.append(item['privilege']['id'])
    directly_granted = {
        item['privilege']['id'] for item in self.list_privileges(mode='GRANTED')
    }

    # Revoke only what is both requested and directly granted.
    to_revoke = list(privileges.intersection(directly_granted))
    inherited_only = set(existing_ids) - directly_granted
    not_directly_granted = list(inherited_only.intersection(privileges))
    # NOTE(review): a requested id the user does not hold at all lands in
    # neither list above; whether it is reported anywhere depends on
    # _update_nested_properties - confirm.

    if not_directly_granted:
        msg = (
            f"Privileges {sorted(not_directly_granted)} are inherited and will be omitted. "
            "Only directly granted privileges can be revoked by this method."
        )
        helper.exception_handler(msg, exception_type=Warning)

    succeeded, failed = self._update_nested_properties(to_revoke, "privileges", "remove",
                                                       existing_ids)

    if succeeded:
        # fetch the object properties and set object attributes
        self.fetch('privileges')
        if config.verbose:
            logger.info(f"Revoked privilege(s) {succeeded} from '{self.name}'")
    if failed and config.verbose:
        logger.warning(f"User '{self.name}' does not have privilege(s) {failed}")
# Create connection to the target environment target_base_url = "https://<>/MicroStrategyLibrary/api" target_username = "******" target_password = "******" target_conn = Connection(target_base_url, target_username, target_password, project_name="MicroStrategy Tutorial", login_mode=1) # Make sure the current user have the following privileges: # 'Create package', id: 295 # 'Apply package', id: 296 # They can be granted by admin with the following commands: user = User(source_conn, username='******') Privilege(source_conn, id=295).add_to_user(user) Privilege(source_conn, id=296).add_to_user(user) # Or by name: user2 = User(target_conn, username='******') Privilege(target_conn, name='Create package').add_to_user(user2) Privilege(target_conn, name='Apply package').add_to_user(user2) # Create PackageConfig with information what object should be migrated and how. # The options are of type Enum with all possible values listed. dossier_id = 'some dossier id' report_id = 'some report id' package_settings = PackageSettings( PackageSettings.DefaultAction.USE_EXISTING, PackageSettings.UpdateSchema.RECAL_TABLE_LOGICAL_SIZE,