vbscipt to assign new security user group to a user

mhayat · ‎2022-07-14

Hi Guys,

I am wondering if there's any VBScript available that I can use to assign a new security usergroup to a user. Basically, what I am doing, I need to use a read-only operator user with no config permission to make some config changes.

My thoughts are: as soon as the operator hits a button on the screen, the script will assign the usergroup with config permission. the script will make the config changes and take the usergroup off from the user. at the end of the script and the user becomes read-only again.

I did get to the point where i used "usergroupids" or "usergroupnames" properties but i can not find a way to assign a new user group... e.g. if a user has 3 usergroups assigned, i can see each user group using script but how to assign more usergroups thats where i am stuck.

I hope it's not something silly to think of.

But if somebody has a better idea I would appreciate it.

Thanks

CraigEl · ‎2022-07-14

What Schneider Electric product and version does this relate to?

mhayat · ‎2022-07-14

Sorry I should had to mention that earlier.

Its Geo SCADA Expert. And the version is October 2021 update.

geoffpatton · ‎2022-07-15

Maybe it could be done from SQL. In the past that would have been simple enough because there used to be a limit of like 4 user groups and they had separate fields but since it is now one field with them all grouped in it editing them will be harder. However the user shouldn't have write permissions to edit their own user so that should eliminate using a script anyway.

You could assign a new user group control permissions on just those items. In its security you'd have to deselect the inherit from Parent on that item and then its security would be managed separately. This works from inside a template. Then permanently add that user group to the basic user.

I have setup ST programs and FBDs which have the right to do controls on other objects and set the permission to execute the ST, or FBD to Read so that anyone can execute it. I have used this for allowing them to execute things like a Refresh on an Outstation and manual execution of a SQL Export.

BevanWeiss · ‎2022-07-15

As mentioned by Geoff, scripts run under the security privileges of the user executing them, so this isn't a solution to changing Security Permissions.

You would need to look into using a Logic routine for this, and I suspect it would almost certainly want to be an ST Logic routine.

I've done something like this before, but I can't remember exactly how I went about it. It definitely involved ST Logic though.

You'd want to look into the Database Schema, against the CUser and CUserGroup types to see what Methods they have, and which of the fields are writable.

Ideally you'd be looking for either a Method on the CUser that is like 'AddUserGroup', or something on the CUserGroup that is like 'AddUser'.

The other point that Geoff raised is a good one also. If it's just a single operation that you need the user to perform with the elevated permissions, then you can easily do this with Logic and then adjusting the permissions for execution of the logic to allow the user to execute it. We commonly use this for letting standard users configure certain aspects of objects. Like assigning outstations to different outstation sets without being allowed to adjust other characteristics of the outstation (etc etc).

Lead Control Systems Engineer for Alliance Automation (VIC).
All opinions are my own and do not represent the opinions or policies of my employer, or of my cat..

MF_SHAIKH · ‎2022-08-30

Hello,

You can save the details of the user in the variables and then remove the user, After that create the same user with different group.

Hope it helps.

Regards,

Faisal