Share via

2.6 Permission Bindings

  • Article

The Permission Bindings binary stream is a cryptographic checksum that MUST be generated as follows:

  • Compute the SHA-256 hash of the Package Parts binary stream (section 2.3) and the Permissions binary stream (section 2.4), and concatenate them. Each hash is preceded by an Int32 value indicating the length of the hash.

  • Encrypt the concatenated hashes using the Data Protection Application Program Interface (DPAPI) with the following parameters:

    • Data protection scope: Current user

    • Optional entropy: UTF-8 encoding of the string "DataExplorer Package Components"

When reading the Query Definition File Format Structure from the spreadsheet, if the Permission Bindings cryptographic checksum computed using the algorithm above does not match what is persisted in the spreadsheet file, the Permissions binary stream persisted in the spreadsheet file MUST be discarded, and replaced with the following defaults.

 <PermissionList xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <CanEvaluateFuturePackages>false</CanEvaluateFuturePackages>
   <FirewallEnabled>true</FirewallEnabled>
   <WorkbookGroupType xsi:nil="true" />
</PermissionList>