Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000021358 - How to determine a SecurID user's group membership programmatically

Document created by RSA Customer Support

on Jun 16, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000021358
Applies To	RSA ACE/Server 5.2 Administration API All platforms
Issue	How to determine a SecurID user's group membership programmatically
Cause	The RSA ACE/Server ATK does not provide a specific API to determine if a user belongs to specified group
Resolution	There are several approaches to determine a user's group information via the ATK. Two of these approaches are shown below with pseudo-code to approximate 'C/C++': ============================================================= 1. ACE ATK function Sd_ListGroupMembership (ref ace_admin_toolkit.pdf Page 131) ============================================================= //determines if user (defLogin) is in group boolean UserInGroup(char defLogin, char group); { boolean userInGroup = false; do { SD_ListGroupMembership(deflogin, "",buffer,MAX_RESULT_MSG_SIZE); if ( strcmp(buffer, group) == 0 ) { //user in group, close search SD_ListGroupMembership(deflogin, "-c",buffer,MAX_RESULT_MSG_SIZE); userInGroup = true; } } while (strcmp(buffer,"Done")!=0 \|\| !userInGroup ) return userInGroup; } NOTE: The Sd_List functions return a single result and must be called multiple times to search through a given data set. Sd_List functions return a list terminator (default string "Done") when there are no more elements. If list element retrieval is terminated prior to the end of the list, the db search must be closed by calling the Sd_List function with the close option set ("-c"). Failure to close the search can cause other database accesses to fail until the API is restarted via Sd_ApiInit(). ============================================================= 2. ACE ATK function Sd_DynamicSelect (ref ace_admin_toolkit.pdf Page 79) ======================================================== Sd_DynamicSelect can invoke custom ACE/Server database queries via SQL. The database schema is documented in ace_admin_toolkit.pdf starting on Page 231: Sd_ApiInit() ... SD_DynamicSelect( Sd_DynamicSelect(tempfile,0,1,0,1,"","","SELECT chName FROM SDGroup JOIN SDGroupMember ON (SDGroup.iGroupNum = SDGroupMember.iGroupNum) JOIN SDUser ON (SDGroupMember.iUserNum = SDUser.iUserNum)WHERE ( SDUser.chDefaultLogin = \"joesoap\" )","","",""); ... SD_ApiEnd() NOTE: The result is a list of groups written to tempfile. Additional code would be required to process the group(s) in the file.
Legacy Article ID	a22627

Attachments

Outcomes

0 Comments

Recommended Content