Security View Reference
The security views contain information about the permissions that are granted to users and user groups to perform operations on secured SMS object classes and instances, such as collections, packages, and reports.
Security Views
Security views can be used to query for SMS class or instance permissions for secured objects. In each view, class and instance permission values are listed as a decimal value that is the result of converting bit fields reserved for each security right. More information can be found in the next section. The security views are listed and described in the following table.
Security View | Description |
---|---|
v_SecuredObject | Describes the nine different types of objects in the SMS system that can be secured: Collection, Package, Advertisement, Status Message, Site, Query, Report, Software Metering Rule, and Software Updates. The view lists the SMS objects by object key and name, as well as the default class permissions, default instance permissions, and the available instance permissions. The default permissions for SMS classes and instances are set to Read (0), and the available instance permissions for each object vary depending on what permissions are appropriate for the specific object. The view can be joined to other security views by using the ObjectKey or ObjectName columns. |
v_UserClassPermissions | Lists the SMS object key, user name, and permissions the user has to each specific secured object. The view can be joined to other security views by using the ObjectKey column and to other views by using the UserName column. |
v_UserClassPermNames | Lists the SMS object key, user name, permission name the user has to each specific secured object, and the permission number. This view contains the same information as the v_UserClassPermissions view, but instead of using one decimal value for combined permissions, it lists each permission individually by name. The view can be joined to the other security views by using the ObjectKey column and to other views by using the UserName column. |
v_UserInstancePermissions | Lists the SMS object key, user name, instance key (collection ID, advertisement ID, query ID, and so forth), and permissions the user has to a specific instance of a secured object. The view can be joined to the other security views by using the ObjectKey column and to other views by using the UserName or InstanceKey columns. |
v_UserInstancePermNames | Lists the SMS object key, user name, permission name the user has to the specific instance of a secured object, instance key (collection ID, advertisement ID, query ID, and so forth), and permission number. This view contains the same information as the v_UserInstancePermissions view, but instead of using one decimal value for combined permissions, it lists each permission individually by name. The view can be joined to the other security views by using the ObjectKey column and to other views by using the UserName or InstanceKey columns. |
SMS Secured Objects
Class and instance permissions can be set on eight secured objects in SMS. These SMS secured objects and their associated object keys are listed in the following table.
Object Key | Object Name |
---|---|
1 | Collection |
2 | Package |
3 | Advertisement |
4 | Status Message |
5 | (Not used) |
6 | Site |
7 | Query |
8 | Report |
9 | Software Metering Rule |
How to Interpret Decimal Permission Values
In each security view there is a decimal number that equates to a specific class or instance permission. Each individual permission uses one of 18 bits. The following table lists each of these permissions, the bit that is used, and the decimal value of that bit.
Permission Name | Bit Value | Bit Position | Decimal Value |
---|---|---|---|
Read | 1 | 1 | 1 |
Modify | 10 | 2 | 2 |
Delete | 100 | 3 | 4 |
Distribute | 1000 | 4 | 8 |
Create Child | 10000 | 5 | 16 |
Use Remote Tools | 100000 | 6 | 32 |
Advertise | 1000000 | 7 | 64 |
Modify Resource | 10000000 | 8 | 128 |
Administer | 100000000 | 9 | 256 |
Delete Resource | 1000000000 | 10 | 512 |
Create | 10000000000 | 11 | 1024 |
View Collected Files | 100000000000 | 12 | 2048 |
Read Resource | 1000000000000 | 13 | 4096 |
Delegate | 10000000000000 | 14 | 8192 |
Meter | 100000000000000 | 15 | 16384 |
Manage SQL Commands | 1000000000000000 | 16 | 32768 |
Manage Status Filters | 10000000000000000 | 17 | 65536 |
Manage Folder | 100000000000000000 | 18 | 131072 |
To interpret a permission value, you can convert the decimal value to binary and use the table above to get the specific permissions. To help understand this process, two examples are listed below.
Decimal Conversion Example 1
In the v_SecuredObject view, the SMS_Site secured object has a value of 114695 for AvailableInstancePermissions. To find out what this means, first convert the decimal number to binary. This equates to 11100000000000111, in which the 1st, 2nd, 3rd, 15th, 16th, and 17th bits are used. By using the table above, the bits are interpreted as follows.
Permission Name | Decimal Value |
---|---|
Read | 1 |
Modify | 2 |
Delete | 4 |
Meter | 16384 |
Manage SQL Commands | 32768 |
Manage Status Filters | 65536 |
Decimal Conversion Example 2
In the v_SecuredObject view, the SMS_Collection secured object has a value of 6887 for AvailableInstancePermissions. This decimal number results in 1101011100111 when converted to binary. This is interpreted as follows.
Permission Name | Decimal Value |
---|---|
Read | 1 |
Modify | 2 |
Delete | 4 |
Use Remote Tools | 32 |
Advertise | 64 |
Modify Resource | 128 |
Delete Resource | 512 |
View Collected Files | 2048 |
Read Resource | 4096 |
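The two conversions above can be automated for a permissions review. The following Python sketch is an added example, not part of the original reference: it decodes a decimal value with the bit table and goes one step further by flagging granted bits that fall outside the 18 defined positions or outside the AvailableInstancePermissions value quoted for that object. The `REVIEW` set, the row layout, and the sample rows are assumptions constructed for illustration.

```python
# Added example (not from the original page): decode SMS permission bit fields.
# Names are in bit-position order from the table: position n has value 2**(n-1).
PERMISSIONS = [
    "Read", "Modify", "Delete", "Distribute", "Create Child",
    "Use Remote Tools", "Advertise", "Modify Resource", "Administer",
    "Delete Resource", "Create", "View Collected Files", "Read Resource",
    "Delegate", "Meter", "Manage SQL Commands", "Manage Status Filters",
    "Manage Folder",
]
ALL_BITS = (1 << len(PERMISSIONS)) - 1

# AvailableInstancePermissions values quoted in the two examples on this page,
# keyed by object key (1 = Collection, 6 = Site).
AVAILABLE = {1: 6887, 6: 114695}

# Assumption: rights this audit singles out for review; the page defines no such list.
REVIEW = {"Use Remote Tools", "Administer", "Delegate", "Manage SQL Commands"}

def decode(value):
    """Split a decimal permission value into names and leftover undefined bits."""
    if value < 0:
        raise ValueError("permission values are non-negative bit fields")
    names = [name for bit, name in enumerate(PERMISSIONS) if value >> bit & 1]
    return names, value & ~ALL_BITS

def audit(rows):
    """Report rows holding reviewed rights, undefined bits, or unavailable rights."""
    findings = []
    for user, object_key, instance_key, value in rows:
        names, undefined = decode(value)
        reviewed = [n for n in names if n in REVIEW]
        allowed = AVAILABLE.get(object_key, ALL_BITS)
        unavailable = decode(value & ALL_BITS & ~allowed)[0]
        if reviewed or undefined or unavailable:
            findings.append((user, instance_key, reviewed, unavailable, undefined))
    return findings

# Constructed rows shaped like v_UserInstancePermissions output:
# (UserName, ObjectKey, InstanceKey, permission value).
SAMPLE_ROWS = [
    ("EXAMPLE\\helpdesk", 1, "SMS00001", 33),    # Read + Use Remote Tools
    ("EXAMPLE\\reader", 1, "SMS00001", 1),       # Read only
    ("EXAMPLE\\dbadmin", 6, "XYZ", 32769),       # Read + Manage SQL Commands
    ("EXAMPLE\\legacy", 1, "SMS00002", 262153),  # Read + Distribute + bit 19
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS):
        print(finding)
```
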