AX1500

GetSecurityInfo data lookup

You can use GetSecurityInfo rows in a DataLookup data source to return information about security permissions for Axiom Software users, as defined in Security.

The GetSecurityInfo data lookup supports similar query parameters as the GetSecurityInfo function, and can be used as a substitute for this function to improve file performance. The data lookup is intended to be used in cases where the queried value is not expected to change during the current file session, and therefore the value only needs to be queried once (or only after specific events).

To create a GetSecurityInfo data lookup, add a [GetSecurityInfo] row to a DataLookup data source and add the appropriate parameter columns. For more information on creating the DataLookup data source, see Creating DataLookup data sources.

GetSecurityInfo parameters

[GetSecurityInfo] rows use the following parameter columns. Within the DataLookup control row, these parameter names must be placed in square brackets—for example, [CodeName]. The parameters can be placed in any order.

NOTE: If the entry for any parameter depends on a value returned by another data lookup row, then that row must be in a different data source and executed before this row is executed. For more information, see Dependent data lookups.

Parameter	Description
CodeName	Specifies the security property to return. Use one of the following values: `FileGroup`: Returns information on a user's plan file access filter. `TableType`: Returns information on a user's table type access filter. `Table`: Returns information on a user's table access filter. `IsSysAdmin`: Returns whether a user is a system administrator. `PermissionGranted`: Returns a user's security permission status. `InRole`: Returns a user's role assignment status. For all codes except IsSysAdmin, you must use the SecurityItem parameter to specify which security item to return information about. For example, if you use the code FileGroup, you must use SecurityItem to specify which file group you want to return information about.
SecurityItem	The name of the security item for which to return information. This parameter is required for all code names except IsSysAdmin. The following list details which information to specify for each code: FileGroup: Specify the name of the file group. A file group alias name can also be used. TableType: Specify the name of the table type. Table: Specify the name of the table. PermissionGranted: Specify the code for the permission. See the following table for a list of permission codes. InRole: Specify the name of the role.
UserName	Optional. The name of the user or role for which to return the security information. If omitted, the current user is assumed.
LocalizeResult	Optional. Only applies if the code name is FileGroup, TableType, or Table. Boolean value to determine whether the permission is returned using integer values or by using the permission name in security. If FALSE (default), the function returns "0" to indicate no access, and "1" to indicate full access. If TRUE, the function returns the permission names "No Access" or "Full Access". If the user's access is filtered, the filter text is returned.
ReturnWriteFilter	Optional. Only applies if the code name is TableType or Table. Boolean value to determine whether the user's read permissions or the user's write permissions are returned. If FALSE (default), the user's read permissions are returned. If TRUE, the user's write permissions are returned. By default, a user's read and write permissions are the same unless different write permissions are explicitly defined. So in most cases, returning the read filter returns the user's overall access. However, if you need to return the write access specifically, you can use this parameter to do so.
Domain	Optional. The Active Directory domain of the user. The domain property only applies to users that have been imported from Active Directory. Manually created users do not have a value for domain. You might be required to specify a domain to identify the correct user if users have been imported from multiple Active Directory domains and have the same user name. If all user names are unique across domains, then it is not necessary to specify the domain.
Result	The Result column is where the return value for the row is placed when the data lookup is executed. You can reference this cell to use the return value in other areas of the file. This column must be present in order for the data lookup to be valid.
IsError	Optional. Indicates whether the return value for the data lookup was an error. If TRUE, the return value is an error. This may be an Axiom #ERR code, a specific error message, or a custom error message defined in the data lookup (such as the GetData invalid query message). If FALSE, the query executed successfully. The IsError column can be helpful if you need to set up formulas with error trapping. Instead of using the ISERROR Excel function, you can use a construction such as: =IF(Info!$M$10=True, "", Info!$L$10) Where the IsError column is in M10 and the Result column is in L10. If the data lookup returns an error, this function returns blank instead of displaying the error.

When using code PermissionGranted, the SecurityItem parameter must specify the name of the permission to return:

Security Permission	Value To Use In GetSecurityInfo
Administer Announcements	AdministerAnnouncements
Administer Axiom Explorer	AdministerRepository
Administer Ellucian Connections	AdministerEllucianConnections
Administer Exports	AdministerExports
Administer File Groups	AdministerFileGroups
Administer Imports	AdministerImports
Administer Locked Items	AdministerLockedItems
Administer Picklists	AdministerPicklists
Administer Security	AdministerSecurity
Administer Tables	AdministerTables
Administer Task Panes	AdministerTaskPanes
Administer Updates	AdministerUpdates
Browse Audit History	BrowseAuditHistory
Remove Protection	RemoveWorkbookProtection
Scheduled Jobs User	ScheduledJobsUser
User Documents Folder Access	HasUserDocumentsFolder

Remarks

The user's effective permissions are returned, including any access inheritance from a role or admin rights, and subsystem restrictions (if applicable).
When using code FileGroup:
- GetSecurityInfo only returns information on which plan files a user can access within the file group; it does not provide information on what level of access the user has to those files (for example, read only or read/write). Note that if a user has no access plus a filter, then GetSecurityInfo will return no access, even though the filter may be relevant if the user is eligible for process or workflow elevation.
- Users can be granted different levels of access to different sets of plan files within the same file group. For the purposes of this function, all filters are concatenated with OR to result in the total set of plan files that the user can access at some level. If a subsystem restriction applies, it is concatenated with AND.
When using codes Table, TableType, or FileGroup: if the filter uses a filter variable (such as {CurrentUser.LoginName}), the variable is resolved when GetSecurityInfo returns values for a user, and not resolved when GetSecurityInfo returns values for a role.

Example

The following screenshot of a DataLookup data source shows several GetSecurityInfo examples:

For more examples of GetSecurityInfo use, see GetSecurityInfo function. The same examples work for both approaches. To use a function example in a DataLookup data source, you would place the applicable function parameters in the corresponding parameter columns.