我是谁?如何使用 Microsoft Office 权限/用户权限
Microsoft Office 文档(我的情况是:PowerPoint 演示文稿)可以具有受限的权限。如何以编程方式找出我的代码对给定文档拥有哪些权限?
我在 MSDN 上能找到关于这个主题的所有内容是: http://msdn.microsoft.com/en-us/library/aa432118。 aspx
如果我运行以下代码,我会得到对给定文档拥有权限的用户列表:
Sub test()
Dim perm As Office.Permission
Set perm = ActivePresentation.Permission
Debug.Print "Enabled=" & perm.Enabled
If perm.Enabled Then
Debug.Print "PermissionFromPolicy=" & perm.PermissionFromPolicy
Debug.Print "PolicyName='" & perm.PolicyName & "'"
Debug.Print "PolicyDescription='" & perm.PolicyDescription & "'"
Dim uperm As Office.UserPermission
For Each uperm In perm
Debug.Print uperm.UserId & ", " & uperm.Permission
Next uperm
End If
End Sub
示例输出:
Enabled=True
PermissionFromPolicy=False
PolicyName='Do Not Distribute'
PolicyDescription='Permission is currently restricted. Only specified users can access this content.'
[email protected], 64
[email protected], 33
[email protected], 33
“权限”是一个位图,我在 Microsoft 的公共 COM 头文件中找到了它的定义:
enum MsoPermission
{
msoPermissionView = 1,
msoPermissionRead = 1,
msoPermissionEdit = 2,
msoPermissionSave = 4,
msoPermissionExtract = 8,
msoPermissionChange = 15,
msoPermissionPrint = 16,
msoPermissionObjModel = 32,
msoPermissionFullControl = 64,
msoPermissionAllCommon = 127
};
仍然,这并没有告诉我我的代码具有哪些特定权限。如果我只知道我是谁(就 UserPermission.UserId 而言),我可以在 Permission 对象中查找我的权限。但我找不到那一点信息。我缺少什么?
有多种已知方法可以获取 Windows 用户名(该 Windows 计算机上当前用户的登录名)。不幸的是,当 PowerPoint 决定我对文档拥有哪些权限时,这不是检查的用户 ID。强调一下:PowerPoint 提供了一个 UI,让我可以在运行时更改“我是谁”。显然,这不会改变登录使用名(即ADVAPI返回的名称)。 PowerPoint 所指的用户名是通过 Microsoft 的 Passport 进行识别/授权的。
预先感谢!
沃尔克
Microsoft Office documents, im my case: PowerPoint presentations, can have restricted permissions. How can I find out, programmatically, which permissions my code has on a given document?
All I can find on MSDN on this topic is this:
http://msdn.microsoft.com/en-us/library/aa432118.aspx
If I run the following code, I get a list of users that have permissions on the given document:
Sub test()
Dim perm As Office.Permission
Set perm = ActivePresentation.Permission
Debug.Print "Enabled=" & perm.Enabled
If perm.Enabled Then
Debug.Print "PermissionFromPolicy=" & perm.PermissionFromPolicy
Debug.Print "PolicyName='" & perm.PolicyName & "'"
Debug.Print "PolicyDescription='" & perm.PolicyDescription & "'"
Dim uperm As Office.UserPermission
For Each uperm In perm
Debug.Print uperm.UserId & ", " & uperm.Permission
Next uperm
End If
End Sub
Sample output:
Enabled=True
PermissionFromPolicy=False
PolicyName='Do Not Distribute'
PolicyDescription='Permission is currently restricted. Only specified users can access this content.'
[email protected], 64
[email protected], 33
[email protected], 33
The "Permission" is a bitmap the definition for which I found in Microsoft's public COM header files:
enum MsoPermission
{
msoPermissionView = 1,
msoPermissionRead = 1,
msoPermissionEdit = 2,
msoPermissionSave = 4,
msoPermissionExtract = 8,
msoPermissionChange = 15,
msoPermissionPrint = 16,
msoPermissionObjModel = 32,
msoPermissionFullControl = 64,
msoPermissionAllCommon = 127
};
Still, this does not tell me which particular permissions my code has. If I only knew who I am (in terms of a UserPermission.UserId), I could look up my permissions in the Permission object. But I cannot find that bit of information. What am I missing?
There are known ways to obtain the Windows user name (the login name for the current user on that Windows machine). Unfortunately, this is not the user id that is checked against when PowerPoint decides which permissions I have on the document. To emphasize: PowerPoint provides a UI that lets me change "who I am" at run time. Obviously, this does not change the login use name (i.e., the name returned by ADVAPI). The user names PowerPoint is referring to, are identified/authorized via Microsoft's Passport.
Thanks in advance!
Volker
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
尝试 GetUserName()、GetUserNameW() 或 GetUserNameA() 函数之一并如此声明:
另请参阅 MSDN 关于 GetUserName。
您需要
dim长度为255的字符串并将254作为参数nSize传递。该字符串被ByVal传递回调用者。也许您需要先left()该字符串,然后才能使用它与uperm.UserId进行比较。Try one of the functions GetUserName(), GetUserNameW() or GetUserNameA() and declare it thusly:
Also see MSDN about GetUserName.
You need to
dima string with length 255 and pass 254 as parameternSize. This string is passedByValback to the caller. Perhaps you need toleft()the string before you can use it to compare it withuperm.UserId.我已就此事向 Microsoft 开具了票证 (SRQ091221600157)。经过与 Microsoft 支持人员的长时间讨论后,该票证仍处于待处理状态,但我认为可以肯定地说,没有明确的方法来获取我需要的信息。
Microsoft 明确指出,PowerPoint 中没有 API 可以获取用于打开演示文稿的身份或当前活动的权限。已提交添加该 API 的功能请求。
如果您处于拥有自己的权限管理服务器的封闭环境中,则以下方法可能会起作用(引用 Microsoft 支持,我自己没有对此进行测试):
1) 使用 COM 对象 ADSystemInfo 对象。
2)使用.NET方法
但是,这些方法不适用于使用在线 IRM 服务 (Microsoft Passport) 的身份。此外,即使使用您自己的权限管理服务器,也有可能在运行时更改 PowerPoint 中的身份,在这种情况下,上述方法可能不会产生所需的结果(我没有进一步调查这一点)。
最后,我必须想出一个解决方法,通过尝试运行一些代表性的 API 调用,然后检查调用是否失败来测试我所需的权限。
感谢您的贡献,
沃尔克
I have opened a ticket with Microsoft on this (SRQ091221600157). After a lengthy discussion with Microsoft Support, the ticket is still pending but I think it is already safe to say that there is no explicit way to obtain the information I need.
Microsoft explicitly states that there is no API in PowerPoint to obtain either the identity that was used to open a presentation, or the currently active permissions. A feature request to add that API has been filed.
If you are in a closed environment with your own Rights Management Server, the following approaches would probably work (quoting Microsoft Support, I did not test this myself):
1) Using the COM object ADSystemInfo object.
2) Using the .NET approach
However, these approaches do not work for identities that use online IRM services (Microsoft Passport). Also, even with your own Rights Management Server, it may be possible to change your identity in PowerPoint at runtime, in which case the above approaches probably would not yield the desired results (I did not investigate this any further).
I the end, I had to come up with a workaround that tests the permissions I need by trying to run some representative API call and then checking if the call failed.
Thank you for your contributions,
Volker
今天,我收到了 Microsoft 的附加答复(仍然涉及 SRQ091221600157),这实际上似乎解决了问题,至少在我的特定情况下是如此。这种方法仍然听起来像是一种解决方法,并且没有文档可以证实它确实有效,但它似乎足够合理并且可以承受一些临时测试。而且,与我想出的任何其他解决方法相比,它感觉不那么不完整。它是这样的:
只有具有 msoPermissionFullControl 的用户才能看到其他用户的权限(未记录的假设)。因此,如果用户没有 msoPermissionFullControl,则 Permission 集合仅包含一项,并且此项反映当前用户的权限。如果权限集合包含多个项目,则意味着当前用户必须具有 msoPermissionFullControl。另外,当前用户必须在 Permission 集合中可见,但仍然无法找出 Permission 集合中的哪个身份代表当前用户。
Today I received an additional answer from Microsoft (still regarding SRQ091221600157) which actually seems to solve the problem, at least in my particular instance. This approach still smells like work-around and there is no documentation that would confirm that it actually works, but it seems plausible enough and withstands some ad-hoc tests. And, it feels much less patchy than any other work-around I came up with. It goes like this:
Only users with msoPermissionFullControl can see permissions of other users (undocumented assumption). Thus, if a user does not have msoPermissionFullControl, the Permission collection contains exactly one item and this item reflects the current user's permissions. If the permission collection contains multiple items, this means that the current user must have msoPermissionFullControl. Also, the current user must be visible in the Permission collection, but there is still no way to find out which of the identities in the Permission collection represents the current user.