Error message

  • Deprecated function: implode(): Passing glue string after array is deprecated. Swap the parameters in drupal_get_feeds() (line 394 of /users/fisherde/public_html/fishpitt.com/includes/common.inc).
  • Deprecated function: The each() function is deprecated. This message will be suppressed on further calls in menu_set_active_trail() (line 2394 of /users/fisherde/public_html/fishpitt.com/includes/menu.inc).

Mediasite - Roles and Permissions

  • Posted on: 9 March 2015
  • By: admin

Granular Permissions and Frustration

Mediasite's permissions are quite cool in how granular you can be for roles or even individuals. However, with this means you're going to tear your hair out in trying to figure out whether you're missing some permissions, or even worse if you're trying to compare two roles.

If you're fortunate enough to be able to query the database directly or have a DBA you can bribe, there's a way to save yourself a lot of time. This query will show you all of the roles you've got in the system, and the operation/portal resource they have access to, and the permission associated:

SELECT 
  OPR.Name, MOA.Permission, MR.Name AS 'Role Name', MR.DirectoryEntry
FROM 
  OperationAndPortalResources OPR JOIN MediasiteObjects MO ON MO.Id = OPR.Id
  JOIN MediasiteObjectAces MOA ON MOA.Id = MO.Id
  JOIN MediasiteRoles MR ON MR.Id = MOA.RoleId
ORDER BY
  MR.Name DESC

If you're only concerned with a few roles, throw in a 

WHERE
MR.Name IN ('Role1Name','Role2Name',...)

Comparing Two Roles

This is the part that really came in most handy, comparing two roles to see the permissions that one role had that were absent from another.

The results of this query show what the ITSAdministrators have access to, that the SDSupport staff do not have.

Tagged: 
Mediasite
SQL