• Article for your preferred language does not exist. Below is international version of the article.

Article ID: 125780, created on Jun 8, 2015, last review on Jun 8, 2015

  • Applies to:
  • Operations Automation 6.0
  • Operations Automation 5.5
  • APS 2.x

Symptoms

  • I want to find the resource(s) that have the Owner (or Referrer) access to a resource with the given APS ID
  • I want to find the resource(s) that are accessble to the resource with given APS ID as Owner (or Referrer)

Cause

This can be necessary when determining the cause of various access error that APSC may return in its REST HTTP response.

Resolution

This information can be obtained through OA database. To achieve access, enter this command on the management node:

# psql -h$(hostname) -Uplesk

The tables that contain this information had their structure changed after version 5.5. Therefore, requests for versions 6.0 and 5.5 are presented:

Version 5.5

Resources that have Owner access to the resource specified in uid:

\set uid '''6e920838-0276-431d-bb60-a71d4800cfaa'''
\set mask 2
SELECT *
FROM aps_resource r
JOIN aps_registry_object ro ON r.registry_object_id = ro.id
WHERE r.id IN
    (SELECT source_resource_id
     FROM aps_registry_object ro
     JOIN aps_resource r ON ro.id = r.registry_object_id
     JOIN aps_resource_link rl ON r.id = rl.target_resource_id
     WHERE rl.role_mask = :mask
       AND ro.uid = :uid);

Resources that can be accessed by resource specified in uid with Owner level:

\set uid '''58adccac-eccc-45e0-b00e-3eb61442a637'''
\set mask 2
SELECT *
FROM aps_resource r
JOIN aps_registry_object ro ON r.registry_object_id = ro.id
WHERE r.id IN
    (SELECT target_resource_id
     FROM aps_registry_object ro
     JOIN aps_resource r ON ro.id = r.registry_object_id
     JOIN aps_resource_link rl ON r.id = rl.source_resource_id
     WHERE rl.role_mask = :mask
       AND ro.uid = :uid);

Version 6.0

Resources that have Owner access to the resource specified in uid:

\set uid '''060362ff-0c61-4972-973d-abf67191105f'''
\set mask 2
SELECT *
FROM aps_resource
WHERE id IN
    (SELECT source_resource_id
     FROM aps_resource r
     JOIN aps_resource_link rl ON r.id = rl.target_resource_id
     WHERE rl.role_mask = :mask
       AND r.uid = :uid);

Resources that can be accessed by resource specified in uid with Owner level:

\set uid '''060362ff-0c61-4972-973d-abf67191105f'''
\set mask 2
SELECT *
FROM aps_resource
WHERE id IN
    (SELECT target_resource_id
     FROM aps_resource r
     JOIN aps_resource_link rl ON r.id = rl.source_resource_id
     WHERE rl.role_mask = :mask
       AND r.uid = :uid);

Note: In the above, in addition to uid parameter (which is an APS ID of the target resource), mask parameter can also be 1 (Referrer) in addition to 2 (Owner).

Resource IDs attained in the queries that return resource's owners can be used in impersonation mechanism.

Read more:

Search Words

referer

find

access

owner

referrer

security

actor

717db81efe94e616312b74fb03a5d474 5b048d9bddf8048a00aba7e0bdadef37 caea8340e2d186a540518d08602aa065 e12cea1d47a3125d335d68e6d4e15e07 5356b422f65bdad1c3e9edca5d74a1ae 2554725ed606193dd9bbce21365bed4e 70bf700e0cdb9d7211df2595ef7276ab 956c448bddc7e1f3585373687602379f 6f1456866eed87488c0f02b298a741c0

Email subscription for changes to this article
Save as PDF