Access Control Overview

Search clauses may be used with TrimMainObjectSearch either via the TrimSearchClause class or as strings via TrimMainObjectSearch.SetSearchString. Given that search clauses may be captioned it is a good idea when using them as strings to use their internal name. This document lists all search clauses along with their internal names.

Setting Access Control Locations

Making the ACL of a Record (or other object) private requires you to set the access locations. You can set this to one or more Locations (individuals or groups). There are a couple of tricks to know, the first is knowing the correct ACL function enum (see below, the second is to avoid 'the double dot problem'. Given that AccessControlList is a property of the object it can be tempting to use it directly, instead you must assign it to a temporary variable while updating the ACL and then re-set the ACL from the temporary variable before saving.

Incorrect way to set the ACL

Record record = new Record(database, "REC_1");
record.AccessControlList.SetAccessLocations(
    (int)RecordAccess.UpdateDocument, 
    new LocationList() { 
        new Location(database, 9000000072),
        new Location(database, 9000000049) });
record.Save();

Setting the ACL Correctly

Record record = new Record(database, "REC_1");
TrimAccessControlList accessControl = record.AccessControlList;
accessControl.SetAccessLocations(
    (int)RecordAccess.UpdateDocument, 
    new LocationList() { 
        new Location(database, 9000000072),
        new Location(database, 9000000049) });
record.AccessControlList = accessControl;
record.Save();

ACL Enums

The ACL enum for a particular object can be determined either from the TrimAccessControlList.FunctionEnum property or from the ObjectDef. The table below is built by iterating ObjectDefs for all TrimMainObjects.

List of TrimMainObjects with primary ACL

Id	PrimaryACL Enum	Has User Fields	Has copied ACL	HasCopiedSecurity
ActionDef		False	False	False
Activity		True	False	False
AgendaItem	AgendaItemAccess	False	False	False
AgendaItemType	GeneralAccess	False	False	False
Alert		False	False	False
AutoPartRule	GeneralAccess	False	False	False
Census		False	False	False
Classification	GeneralAccess	True	True	True
Communication		False	False	False
Consignment		True	False	False
ConsignmentApprover		False	False	False
ConsignmentIssue		False	False	False
Database		False	False	False
DocumentQueue	GeneralAccess	False	False	False
ElectronicStore		False	False	False
EmailLink		False	False	False
FieldDefinition	FieldAccess	False	False	False
History		False	False	False
Hold		True	False	False
HtmlLayout		False	False	False
Jurisdiction		False	False	False
Keyword	GeneralAccess	True	False	False
Location	GeneralAccess	True	False	False
LookupItem	GeneralAccess	False	False	False
LookupSet	GeneralAccess	False	False	False
MailTemplate		False	False	False
Meeting	MeetingAccess	True	False	False
MeetingType	GeneralAccess	True	True	False
MinuteItem		False	False	False
MinuteItemType	GeneralAccess	False	False	False
Notification		False	False	False
OfflineRecord		False	False	False
Origin	GeneralAccess	False	False	False
OriginHistory		False	False	False
Record	RecordAccess	True	False	False
RecordAction		False	False	False
RecordType	GeneralAccess	False	True	True
Report	GeneralAccess	False	False	False
ReportBitmap		False	False	False
Request		False	False	False
SavedSearch	GeneralAccess	False	False	False
Schedule	GeneralAccess	True	False	False
ScheduledTask		False	False	False
SearchForm	GeneralAccess	False	False	False
SecurityCaveat		False	False	False
SecurityLevel		False	False	False
SharePointItem		False	False	False
Space	GeneralAccess	True	False	False
StopWord		False	False	False
TodoItem		True	False	False
UserLabel		False	False	False
Word		False	False	False
Workflow	WorkflowAccess	True	False	False
WorkflowTemplate	GeneralAccess	False	True	False
ZipCode		False	False	False

Code Sample

This Powershell script was used to generate the table above.

Add-Type -Path "[PATH TO cm BINARIES]\HP.HPTRIM.SDK.dll"
$database = New-Object HP.HPTRIM.SDK.Database
$database.Id = "[YOUR DATABASE id]"
$database.WorkgroupServerName = "[YOUR SERVER NAME]"
$database.Connect()
function Em
{
param([bool]$a) 
    if ($a -eq $true) {
        return "**True**"
    }
    return "False"
}
try {
    $file = New-Object System.IO.StreamWriter("c:\\temp\\objectDefinitions.txt", $false)
    $file.WriteLine("Id                                                            | PrimaryACL Enum      | Has User Fields  | Product Feature       | Has copied ACL | HasCopiedSecurity")
    $file.WriteLine("--------------------------------------------------------------|----------------------|------------------|-----------------------|----------------|------------------")
    [HP.HPTRIM.SDK.ObjectDef]::SelectAllMainObjects($database) | sort Name | foreach {
        $id = [string]::Format("[{0}](@ref HP.HPTRIM.SDK.{0})", $_.Id);
        $aclEnum = ""
        if ($_.PrimaryACLEnum -ne [HP.HPTRIM.SDK.AllEnumerations]::Unknown) {
            $aclEnum = $_.PrimaryACLEnum.ToString();
        }
        $hasFields = Em($_.HasUserFields)
        $hasACL = Em($_.HasCopiedACL)
        $sec = Em($_.HasCopiedSecurity)
        $file.WriteLine("{0,-61} | {1,-20} | {2,-16} | {3,-15} | {4}",
          $Id, $aclEnum,$hasFields,  $hasACL,  $sec);
    }
} catch{
"Error: "
  $error[0]
}
finally {
    $file.Dispose()
    $database.Dispose()
}

Table of Contents