Hello,
I'm looking for a way to extract a list of users have admin rights on the vault. I didn't find an option for it when Exporting the list of users from M-Files admin.
Thanks.
Hello,
I'm looking for a way to extract a list of users have admin rights on the vault. I didn't find an option for it when Exporting the list of users from M-Files admin.
Thanks.
I have all my system Administrators assigned to a specific Administrators GROUP, Lucas. I can view that Group anytime in the M-Files Admin Tool to see who is in that list. Of course, you need to be an Administrator to do this.
If you can't use the user group approach as suggested by Jan, here's a PowerShell script that may be useful. Replace the vault GUID on line 9 and comment / uncomment other lines as needed.
# Initialize PowerShell for M-Files [Reflection.Assembly]::LoadWithPartialName( "Interop.MFilesAPI" ) $mfserver = new-object MFilesAPI.MFilesServerApplicationClass # Connect to server $mfserver.Connect(1) ## UNCOMMENT THIS FOR SERVER USERS #$users = $mfserver.LoginAccountOperations.GetLoginAccounts() ## UNCOMMENT THESE FOR VAULT USERS $vault = $mfserver.LogInToVault("{6113C44B-8D6C-4243-ABCA-DAF32A02C786}") ## UNCOMMENT THIS TO GET VAULT USERS $users = $vault.UserOperations.GetUserAccounts(); ## UNCOMMENT THIS TO GET VAULT LOGINS (if vault level login accounts are in use) #$users = $vault.UserOperations.GetLoginAccounts(); foreach ($user in $users) { ## VAULT ROLES ## 0 None. ## 1 Full control of vault. ## 2 Can log into the vault. ## 4 Can create documents or other objects. ## 8 See and read all vault content (including deleted objects). ## 16 See and undelete deleted objects. ## 32 Destroy objects. ## 64 Force undo checkout. ## 128 Change permissions for all objects. ## 256 Change metadata structure. ## 512 Manage user accounts. ## 1024 Internal user (as opposed to external user). ## 2048 Can create and modify traditional folders. ## 3078 The default vault roles for a normal user. ## 4096 Manage templates (obsolete). ## 8192 Manage common views and notification rules. ## 16384 Manage workflows. ## 32768 Cannot manage private views and notification rules. ## 65536 Anonymous user. ## UNCOMMENT THESE TO CHECK VAULT LEVEL ROLES ## Change "-band 1" part to wanted shown level. Default shows People with Full control -access if( $user.VaultRoles -band 1) { Write-Output $user.LoginName $user.VaultRoles } ## SERVER ROLES ## 1 = Server Admin ## 2 = Vault creator ## 4 = Backup Operator ## 8 = Allows login to the server ## ## UNCOMMENT THESE TO CHECK SERVER LEVEL ROLES ##if( $user.ServerRoles -band 1) { ## Write-Output $user.AccountName $user.ServerRoles ##} ## LICENSE TYPES ## 1 = Named user license ## 2 = Concurrent user license ## 3 = Read-only license ## UNCOMMENT THIS TO GET USERS WITH CERTAIN LICENSE TYPE #if(($user.LicenseType -eq 1) ) { # Write-Output $user.UserName $user.LicenseType ## UNCOMMENT THESE TO SET LICENSE TYPE # $user.LicenseType = 3 # $mfserver.LoginAccountOperations.ModifyLoginAccount($user) #} }
Joonas, could you please enlighten us with a few details on how and where to run this script?
At least a username and a password must be provided somehow. And a connection to the server must be available.
I assume it must run on the M-Files server itself?
And perhaps username and password should be provided as parameters when starting the script?
Sorry, I don't have any additional information. I only found this script on the Consulting Wiki, haven't tried using it myself. But I think you may be right that it's expected to be run on the server since no credentials are given, unless if can somehow use the pre-defined vault connections on your computer.