SetUserPrivileges

Description

This services sets or revokes privileges for a specified user.

Arguments

Argument	Type	Description
auth (optional)	Auth	The Auth type supplies credentials and optionally, a host name for licensing. The userId and password can be specified with HTTP BASIC or WS-SECURITY instead.
user (optional)	UserIdentifier	Indicates the user for which privileges should be set or revoked. If this parameter is not provided, the privilege is set against the user account that sends the call.
privilege	PrivilegeInfo	Indicates the name and assignment information for a privilege.

Response

One or more PrivilegeHolder responses are returned. The privileges are returned in the context of either the calling user or the specified user. The privilege name, type, access information, and objectId (if the privilege applies only to a particular object like a project or table) are returned. For more information, see PrivilegeHolder.

Usage

This call enables you to set one or more privileges for a user. Use the GetPrivilegeTypes and GetTypePrivileges calls to get available privilege types and privilege names.

If a privilege is specified, but no access information is sent, the privilege is automatically set to REVOKED. To successfully grant or revoke a privilege, you must supply the privilege's corresponding object unless specified otherwise.

The following table lists the available user privilege types and their corresponding objects. (Send any of the following privilege types using GetTypePrivileges to return the type's associated privileges).

Privilege Type	Associated objectId
TS_PRIVTYPE_USERPRJ	Project – To grant groups project-type privileges, you must include the project `displayName`, `id`, or `uuid` in the `<urn:objectId>` argument. Tip: You do not send project information using the privilege.projectId element. Use one of the objectId parameters instead.
TS_PRIVTYPE_USERWKF	Workflow – Not used. There are no workflow-based privileges for users that you can grant or revoke in SBM.
TS_PRIVTYPE_USERFLD	Folder – To grant groups folder-type privileges, you must include the folder `displayName`, `id`, or `uuid` in the `<urn:objectId>` argument.
TS_PRIVTYPE_USERTBL	Table – To grant groups table-type privileges, you must include the table `displayName`, `id`, or `uuid` in the `<urn:objectId>` argument.
TS_PRIVTYPE_USERSYS	System – Not bound to a specific object, so objectId parameters can be empty.

The following table lists the available administrator privilege types and their corresponding objects. (Send any of the following privilege types using GetTypePrivileges to return the type's associated privileges).

Note: Administrator privileges can only be granted to groups with Managed Administrator access.

Privilege Type	Associated objectId
TS_PRIVTYPE_ADMSYS	System – Not bound to a specific object, so objectId parameters can be empty.
TS_PRIVTYPE_ADMPRJ	Project – To grant groups administrative project-type privileges, you must include the project `displayName`, `id`, or `uuid` in the `<urn:objectId>` argument. Tip: You do not send project information using the privilege.projectId element. Use one of the objectId parameters instead.
TS_PRIVTYPE_ADMWKF	Workflow – To grant groups administrative workflow-type privileges, you must include the workflow `displayName`, `id`, or `uuid` in the `<urn:objectId>` argument.
TS_PRIVTYPE_ADMFLD_PRJ	Override Ordering for Default Fields – To grant groups administrative override-type privileges for fields in projects, you must include the project `displayName`, `id`, or `uuid` in the `<urn:objectId>` argument.
TS_PRIVTYPE_ADMFLD_WKF	Workflow – Not used. There are no workflow-based field privileges for administrators that you can grant or revoke in SBM.
TS_FLDPRIVTYPE_ADMFLD	Field – To grant groups administrative field-type privileges, you must include the field `displayName`, `id`, or `uuid` in the `<urn:objectId>` argument. Important: You must include a project value in `projectId` in order to identify the correct field in the correct project.
TS_FLDPRIVTYPE_ADMGRP	Group – To grant groups administrative group-type privileges, you must include the group `displayName`, `id`, or `uuid` in the `<urn:objectId>` argument.
TS_FLDPRIVTYPE_ADMTBL	Table – To grant groups administrative table-type privileges, you must include the table `displayName`, `id`, or `uuid` in the `<urn:objectId>` argument.
TS_PRIVTYPE_ADMCON	Deployment – Not bound to a specific object, so objectId parameters can be empty.

Faults

An invalid parameter was passed.
Privilege type '<privilege type name>' was not found. Use the GetPrivilegeTypes call to get the most current list of privilege types.
The <user|group> is not a Managed Administrator; therefore, the user cannot be assigned administrative privileges.
An objectId of existing <project|table|folder|workflow|group|field> type is needed for the '<privilege type name>' privilege type.
Project not found for TS_FLDPRIVTYPE_ADMFLD privilege.

XML

The following XML is a snippet of the payload that is sent with SetUserPrivileges.

<urn:SetUserPrivileges>
    <urn:auth>
        <urn:userId>bill</urn:userId>
        <urn:password></urn:password>
        <urn:hostname></urn:hostname>
    </urn:auth>
    <urn:user>
        <urn:loginId>john</urn:loginId>
    </urn:user>
    <urn:privilege>
        <urn:privilegeId>
            <urn:name>TS_USRSYSPRIV_LOGONASUSER</urn:name>
        </urn:privilegeId>
        <urn:access>GRANTED</urn:access>
    </urn:privilege>
</urn:SetUserPrivileges>