0

I want to use DFCs in order to change the value for r_accessor_permit of a group assigned to an acl :

1 - > first I chose an ACL called "fme"

2 - > Then I wrote the following DQL in order to get the groups assigned to it :

select r_accossor_name from dm_acl where object_name = 'fme'

3 - > I received a list of groups and I copy pasted one of them which was called : grp_corp_lgl_sateri_hk

Then I wrote the following : 

public void changeGroupPermission (){
    try{
        String myAcl = "fme";
        IDfACL acl = (IDfACL)_session.newObject("dm_acl");
        acl.setString("object_name", myAcl);

        acl.revoke("grp_corp_lgl_sateri_hk","execute_proc");
        acl.save();
    }catch(Exception E){
        System.out.println(E.getLocalizedMessage());
    }
    }

And I ran it the result was the following error :

[DM_ACL_E_NOMATCH]error: "No ACEs matched for the name 'grp_corp_lgl_sateri_hk' in the ACL 'fme'."

I am quite sure that I have not made any typing mistake . But I cant find the reason why I am facing such error . Any idea where am I making my mistake ?

===> Updating question After I realised what my mistake was based on the comments I gave it another attempt as follow : 

    try{
            String aclName = "fme";
            IDfACL acl = _session.getACL(aclName, "LEXOPEDIA");
            acl.destroy();
//or 
            acl.revoke("grp_sateri_prc_lgl_acc2", "change_location");
            acl.save();
        }catch(Exception E){
            E.printStackTrace();
        }

But I still keep getting error and I really know why ? Any idea ?

Danial Kosarifa
  • 1,044
  • 4
  • 18
  • 51

1 Answers1

1

You made mistake when you thought that retrieving ACL from repository is done using IDfSession.newObject(<type_name>) method. This method serves to create new objects in repository. Instead you should do:

IDfACL acl = sess.getObjectByQualification("dm_acl where object_name='" + myAcl + "'");
acl.revoke("grp_corp_lgl_sateri_hk","execute_proc");
acl.save();

or

IDfACL acl = sess.getACL(myACL, <your ACL's domain name>); 
// domain name could be "DM_DBO" if your ACL is available for everyone in repository
acl.revoke("grp_corp_lgl_sateri_hk","execute_proc");
acl.save();

Since you created new object it's logical that you at that point don't have accessor with name grp_corp_lgl_sateri_hk.

Miki
  • 2,493
  • 2
  • 27
  • 39
  • `IDfACL acl = sess.getACL(myACL, ); ` is the line that still keeps giving me error . Even I tried to create a new acl_name and give it the permissions that I wish and update the acl name for the objects using it I still can not use `acl.destroy();` function to remove the previous one . Any idea why? XD I've updated the question for better reference ;) – Danial Kosarifa Nov 10 '16 at 07:24
  • once I try to print out the acl variable to see if there is any object stored in it or not the result is null . Which makes think that most probably the acl fetching is not working but why ? the first attribute of the getACL() should be the object_name and the second one should be the owner right ? and it exists in the dm_acl object table – Danial Kosarifa Nov 10 '16 at 08:03
  • "the first attribute of the getACL() should be the object_name and the second one should be the owner right ?". No, no, no. I wrote you what is second atribute -> domain name. It can be owner, but it doesn't need to be. Use DA or whatever you use and make sure you are using right domain. If you're not sure paste screenshot in your question and I'll tell you. – Miki Nov 10 '16 at 09:00
  • btw, why don't you use approach with getObjectByQualification method to check wether you're doing something wrong with domain name? – Miki Nov 10 '16 at 09:02
  • Oh I found what was wrong . In dm_acl object table there is no column called acl_name instead the name is object_name and now it seems to be working fine ;) – Danial Kosarifa Nov 10 '16 at 09:55
  • please correct me if I am wrong based on my understanding in dm_folder you have 2 columns called acl_name and acl_domain but in dm_acl we dont have either of them instead we have object_name and acl_owner but they're both holding the same values respectively but the default value for acl_owner is dmadmin or basically the one who is using the current session unless I mention otherwise !? – Danial Kosarifa Nov 10 '16 at 10:31
  • You are correct when talking about attribute names at types dm_folder and dm_acl. However, attributes acl_name and acl_domain on dm_sysobject (super type of dm_folder that have acl_name attribute) are just holding values that was once set. there is no default value for acl_owner, even more it really doesn't need to hold information of its owner, you can change it later -> [for example](http://imgur.com/IbzcKgy). However as you are assuming, if you are creating ACL implicitly, it will hold username of the owner. – Miki Nov 10 '16 at 10:44