Is there a way to get a list of all roles on the gateway under the a specified user source? Not just a specific user, but all roles? Working on building out a tree view that is stored all in the DB and creating an administration screen for it. But needing to be able to pull a list of roles to finish it out.
Like this? docs.inductiveautomation.com:84 … r.getRoles
Is it possible to return a list of roles(not Ignition created roles) per user from an Active Directory user source? If I use a system.security.getRoles() and the Gateway User Source is set to the desired source is the only way to return these values. Is there any other way of accessing roles(not Ignition created) from an Active Directory user source that is not set as the Gateway User Source?
You can achieve this with system.user.getUsers()
You’ll specify the user data source (ex. ‘AD User Source’) and from there you can getRoles() for a specific user or all users.
Edit Example, this will print the role for the currently logged in user:
userName = system.security.getUsername() user = system.user.getUser("AD User Source", userName) print user.getRoles()
This definitely works to return the Ignition added User Information. Maybe a better question would be, how am I returning Microsoft AD(LDAP) related information when using system.security.getRoles()?
I’m not following.
system.security.getRoles() returns my AD roles no problems.
If you have multiple user sources in your gateway and your projects default user source is NOT the AD user source then system.security.getRoles() will not work. You’ll need to make use of system.user.getUser()/Users()
Here’s an example that should do just that:
users = system.user.getUsers('MY AD USERSOURCE NAME') for user in users: print user.get('username'), user.getRoles()
Please change “MY AD USERSOURCE NAME” to match your AD user source name.
Let me try another explanation.
The User Source I am attempting to access has no users or roles added.
When I use the system.security.getRoles() function I return a tuple of string values, which are our companies AD groups that the user is a member of. These are the values I am looking for, but I would like to know why/how these values are being accessed and how to replicate this if the Gateway User Source is not set to the User Source I’m looking to getRoles from.
This returns no results with ADUSERSOURCE1. If I use a ADUSERSOURCE2 that contains Ignition created users and roles, it does return these usernames and roles.
Sounds like your Active Directory Properties and/or LDAP Settings are not correctly setup for your environment?
By configuring your Active Directory Properties and/or LDAP Settings to retrieve your AD users the above script would print each user and roles.