think-cell
asked on
Who am I? How to use Microsoft Office Permission/UserPermission
Microsoft Office documents, im my case: PowerPoint presentations, can have restricted permissions. How can I find out, programmatically, which permissions my code has on a given document?
All I can find on MSDN on this topic is this: http://msdn.microsoft.com/en-us/library/aa432118.aspx
If I run the attached code, I get a list of users that have permissions on the given document. The "Permission" is a bitmap the definition for which I found in Microsoft's public COM header files (see next to code).
Still, this does not tell me which particular permissions my code has. If I only knew who I am (in terms of a UserPermission.UserId), I could look up my permissions in the Permission object. But I cannot find that bit of information. What am I missing?
There are known ways to obtain the Windows user name (the login name for the current user on that Windows machine). Unfortunately, this is not the user id that is checked against when PowerPoint decides which permissions I have on the document. To emphasize: PowerPoint provides a UI that lets me change "who I am" at run time. Obviously, this does not change the login use name (i.e., the name returned by ADVAPI). The user names PowerPoint is referring to, are identified/authorized via Microsoft's Passport.
Thanks in advance!
Volker
All I can find on MSDN on this topic is this: http://msdn.microsoft.com/en-us/library/aa432118.aspx
If I run the attached code, I get a list of users that have permissions on the given document. The "Permission" is a bitmap the definition for which I found in Microsoft's public COM header files (see next to code).
Still, this does not tell me which particular permissions my code has. If I only knew who I am (in terms of a UserPermission.UserId), I could look up my permissions in the Permission object. But I cannot find that bit of information. What am I missing?
There are known ways to obtain the Windows user name (the login name for the current user on that Windows machine). Unfortunately, this is not the user id that is checked against when PowerPoint decides which permissions I have on the document. To emphasize: PowerPoint provides a UI that lets me change "who I am" at run time. Obviously, this does not change the login use name (i.e., the name returned by ADVAPI). The user names PowerPoint is referring to, are identified/authorized via Microsoft's Passport.
Thanks in advance!
Volker
Sub test()
Dim perm As Office.Permission
Set perm = ActivePresentation.Permission
Dim uperm As Office.UserPermission
For Each uperm In perm
Debug.Print uperm.UserId & ", " & uperm.Permission
Next uperm
End Sub
enum MsoPermission
{
msoPermissionView = 1,
msoPermissionRead = 1,
msoPermissionEdit = 2,
msoPermissionSave = 4,
msoPermissionExtract = 8,
msoPermissionChange = 15,
msoPermissionPrint = 16,
msoPermissionObjModel = 32,
msoPermissionFullControl = 64,
msoPermissionAllCommon = 127
};
ASKER
Glenna, Thank you for your remark. As mentioned in my question, I already studied the documentation you are referring to. For clarification, I enhanced my code sample, see below. I also add some sample output from the enhanced code sample (email addresses obfuscated, obviously). I may be missing the obvious here, but I cannot see how from this information I could derive which permission I actually have on that document.
Sub test()
Dim perm As Office.Permission
Set perm = ActivePresentation.Permission
Debug.Print "Enabled=" & perm.Enabled
If perm.Enabled Then
Debug.Print "PermissionFromPolicy=" & perm.PermissionFromPolicy
Debug.Print "PolicyName=" & perm.PolicyName
Debug.Print "PolicyDescription=" & perm.PolicyDescription
Dim uperm As Office.UserPermission
For Each uperm In perm
Debug.Print uperm.UserId & ", " & uperm.Permission
Next uperm
End If
End Sub
Sample output:
Enabled=True
PermissionFromPolicy=False
PolicyName=Do Not Distribute
PolicyDescription=Permission is currently restricted. Only specified users can access this content.
john@doe.com, 64
user@system.de, 33
myname@example.com, 33
I'm finding diddly on this particular object. I really suck at writing VB, but I'm actually pretty good at being a set of different eyes. :-)
I'll keep looking. You might want to post at an alternative forum:
http://social.msdn.microsoft.com/Forums/en-US/isvvba/threads
I'll keep looking. You might want to post at an alternative forum:
http://social.msdn.microsoft.com/Forums/en-US/isvvba/threads
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Today I received an additional answer from Microsoft (still regarding SRQ091221600157) which actually seems to solve the problem, at least in my particular instance. This approach still smells like work-around and there is no documentation that would confirm that it actually works, but it seems plausible enough and withstands some ad-hoc tests. And, it feels much less patchy than any other work-around I came up with. It goes like this:
Only users with msoPermissionFullControl can see permissions of other users (undocumented assumption). Thus, if a user does not have msoPermissionFullControl, the Permission collection contains exactly one item and this item reflects the current user's permissions. If the permission collection contains multiple items, this means that the current user must have msoPermissionFullControl. Also, the current user must be visible in the Permission collection, but there is still no way to find out which of the identities in the Permission collection represents the current user.
Only users with msoPermissionFullControl can see permissions of other users (undocumented assumption). Thus, if a user does not have msoPermissionFullControl, the Permission collection contains exactly one item and this item reflects the current user's permissions. If the permission collection contains multiple items, this means that the current user must have msoPermissionFullControl. Also, the current user must be visible in the Permission collection, but there is still no way to find out which of the identities in the Permission collection represents the current user.
http://msdn.microsoft.com/en-us/library/aa432118.aspx
Note this:
Microsoft Office Information Rights Management supports the use of administrative permission policies which list users and groups and their document permissions. Use the ApplyPolicy method to apply a permission policy, and the PermissionFromPolicy, PolicyName, and PolicyDescription properties to return policy information.
Use of the Permission object raises an error when the Windows Rights Management client is not installed.