sms security - script

okay... as a follow-up to my previous post, this script gives a defined group read/modify/delete rights over the subcollections of a parent collection. i used it to set the rights on the subcollections of the master collection i talked about in my previous post. anyway, watch out for potential word wrap. oh, btw, this blogger likes to strip spaces, so you're going to have to redo the formatting yourself. here it is. (watch for word wrap!)

 

' Author:  Marcus C. Oh
' Date:    9/16/2005
' Purpose: Grants a group Read/Modify/Delete instance level
'          permissions to the child collections of a specified
'          parent collection.
' Credit:  I shamelessly ripped the connection string from Michael
'          Schultz and other variable/string logic from him.  :)
'          Permissions logic from the SMS Scripting Guide
'
'          Added subroutine logic sent up by a blog reader.  Now the
'          script parses subcollections.



'--------------------------------------------------------------------
' Modify the following values
' Site server that hosts the SMS provider, and the three-character site code.
' Together they select the WMI namespace root/sms/site_<code> on that server.
mySiteServer = "<Site Server Name>"
mySiteCode = "<Site Code>"

' Group that receives the permissions. Follow the Domain\GroupName convention.
' Every subcollection the script reaches is opened up to this group, so pick
' the most narrowly scoped group that fits the delegation you intend.
mySMSGroup = "<DomainName\GroupName>"

' Collection ID of the parent collection whose subcollections are processed.
myCollectionID = "<Parent Collection ID>"
'--------------------------------------------------------------------

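' Connects to the SMS provider namespace on the site server through WMI.
' No user name or password is passed to ConnectServer, so the connection is
' made in the security context of the account that runs the script.
Set myLocator = CreateObject("WbemScripting.SWbemLocator")

' ConnectServer raises a run-time error on failure. Without
' "On Error Resume Next" the script would stop on that line and the
' Err.Number test below would never run, so trap the error just for
' this one call and restore normal error handling straight afterwards.
On Error Resume Next
Set myService = myLocator.ConnectServer(mySiteServer, "root/sms/site_" & mySiteCode)
connectErrNumber = Err.Number
connectErrText = Err.Description
On Error GoTo 0   ' also clears Err, hence the copies taken above

If connectErrNumber <> 0 Then
    WScript.Echo "WBemServices connection failed!"
    WScript.Echo "  Error 0x" & Hex(connectErrNumber) & ": " & connectErrText
    ' Non-zero exit code so a calling batch job can tell nothing was changed.
    WScript.Quit 1
End If

' Start at the configured parent collection.
Call ProcessCollection(myCollectionID)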


' Subroutines ------------------------------------------------------

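Sub ProcessCollection(collectionID)
    ' Grants mySMSGroup Read/Modify/Delete instance permissions on every
    ' direct subcollection of collectionID, then recurses into each
    ' subcollection it has just granted rights on.
    '
    ' collectionID - ID of the collection whose children are processed.
    '
    ' Uses the script-level myService (WMI connection) and mySMSGroup.

    ' ObjectKey value the script uses for collection objects.
    Const OBJECT_KEY_COLLECTION = 1

    ' InstancePermissions is a bit field: Read, Modify and Delete are bits
    ' 0, 1 and 2, i.e. the values 1, 2 and 4. The earlier "1+2+3" added up
    ' to 6, which sets Modify and Delete but leaves Read cleared.
    ' NOTE(review): confirm the bit values against the SDK for your SMS version.
    Const PERM_READ = 1
    Const PERM_MODIFY = 2
    Const PERM_DELETE = 4

    ' Query to pull the child collections of the collection passed in.
    ' This has to use the collectionID argument; the script-level
    ' myCollectionID would make every recursive call re-read the children
    ' of the top parent and never reach deeper levels.
    myQuery = "select coll.* " &_
              "from SMS_Collection as coll join SMS_CollectToSubCollect as assoc " &_
              "on coll.CollectionID=assoc.subCollectionID where " &_
              "assoc.parentCollectionID=" & Chr(34) & collectionID & Chr(34)

    Set myCollections = myService.ExecQuery(myQuery)
    For Each oCollection In myCollections
        WScript.Echo VbCrLf & "Collection Name: " & oCollection.Name &_
        VbCrLf & "Collection ID  : " & oCollection.CollectionID

        ' List the existing instance permissions on this collection and note
        ' whether the target group already appears among them.
        AlreadySet = False
        Set myRights = myService.ExecQuery("Select * From SMS_UserInstancePermissionNames WHERE ObjectKey=1 AND InstanceKey='" & oCollection.CollectionID & "'")
        WScript.Echo "The following groups already have these permissions:" & vbCrLf
        For Each oRight in myRights
            WScript.Echo "  " & oRight.Username & "  " & oRight.PermissionName
            ' Windows account names are not case-sensitive, so compare as
            ' text; a binary "=" would miss DOMAIN\Group vs domain\group
            ' and write a second permission instance for the same group.
            ' Any existing permission for the group counts as "already set",
            ' even when it is not the full Read/Modify/Delete set.
            If StrComp(oRight.Username, mySMSGroup, vbTextCompare) = 0 Then AlreadySet = True
        Next

        If Not AlreadySet Then
            Set myNewRight = myService.Get("SMS_UserInstancePermissions").SpawnInstance_()
            myNewRight.UserName = mySMSGroup
            myNewRight.ObjectKey = OBJECT_KEY_COLLECTION 'Object type is set to Collections
            myNewRight.InstanceKey = oCollection.CollectionID
            myNewRight.InstancePermissions = PERM_READ + PERM_MODIFY + PERM_DELETE 'Grant Read, Modify, Delete
            myNewRight.Put_
            WScript.Echo vbCrLF & "The " & mySMSGroup & " users now have access to " &_
                oCollection.Name & "."
            ' Descend only below collections that were changed in this run.
            ' A collection the group already had rights on is not entered,
            ' so on a re-run anything beneath it is left as it is.
            ProcessCollection oCollection.CollectionID
        End If
    Next
End Sub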
