复杂的SQL来查看组中的角色?

时间:2014-01-23 17:45:12

标签: sql ms-access ldap

第一篇文章.... 我正在尝试将角色映射到LDAP组成员资格,并希望我能得到一些如何分析这个的帮助吗?

一个角色由一组12个组中的1到12个组组成 角色只能拥有一个特定的组。
我认为用户可能有多个角色,他们可能不应该,但他们可能会。例如:

角色|组(S)
服务台|密码重置
安全|密码重置,启用用户
接待|启用用户,禁用用户

我的数据格式为

用户|集团
SmithA |密码重置
SmithA |启用用户
BloggsJ |密码重置
MouseM |启用用户
MouseM |禁用用户

从中您可以看到用户具有以下角色 用户|角色
SmithA |安全
BloggsJ |服务台
MouseM |接收

我可以修改第一个表格,使其更有用,例如将组分成多行,如下例所示:

角色|组(S)
服务台|密码重置
安全|密码重置
安全|启用用户
接待|启用用户
接待|禁用用户

我正在构建一个用户角色列表所需的SQL,并且有一种可怕的感觉我错过了显而易见的东西。 我正在使用MS Access,这不是一个家庭作业:) 感谢

2 个答案:

答案 0 :(得分:0)

以下是我用来查看LDAP的内容。我从---

得到了想法

'TSQL: How to get a list of groups that a user belongs to in Active Directory

'仅供参考,以获取GetObject调用中使用的域列表 “先跑这个看看那里有什么

Dim objNameSpace
Dim Domain
Set objNameSpace = GetObject("WinNT:")
For Each Domain In objNameSpace
   Debug.Print Domain.Name
Next
Exit   ' comment out after first time.

每周例行

' initialize   needs reference   Excel 
Dim rc As Long, sFile As String, xls As Excel.Application
' your routine to get an output file name  as sFile
' your routine to create XLS app and open an empty workbook named sFile and make sheet name


' add column headings in row 1
Dim nRow As Long, nCol As Long
Dim sHeading As Variant, myHeadings() As Variant: myHeadings = Array("User", "Group", "yourField3", "yourField4", "Count")
nRow = 1
nCol = 0
For Each sHeading In myHeadings
    nCol = nCol + 1
    xls.ActiveSheet.cells(1, nCol) = myHeadings(nCol - 1)
Next sHeading

' needs reference   "Active DS Type Library"
Dim sGroup As Variant, myGroups() As Variant: myGroups = Array("yourGroup1", "yourGroup2")
' get each group
For Each sGroup In myGroups

    Dim IGroup1 As IADsGroup, IUser1 As IADsUser
    Set IGroup1 = GetObject("WinNT://" & "yourDomain" & "/" & sGroup & ",group")

    ' get each user in that group
    For Each IUser1 In IGroup1.Members

        If (Mid$(IUser1.Name, 1, 6) <> "userToBypass") Then

            Dim IGroup2 As IADsGroup, IUser2 As IADsUser
            Set IUser2 = GetObject("WinNT://" & "yourDomain" & "/" & IUser1.Name & ",user")

            ' get each group for that user
            For Each IGroup2 In IUser2.Groups

                If (Mid$(UCase(IGroup2.Name), 1, 13) <> "GroupToBypass") Then
                    nRow = nRow + 1
                    xls.ActiveSheet.cells(nRow, "A") = IUser2.Name
                    xls.ActiveSheet.cells(nRow, "B") = IGroup2.Name
                    xls.ActiveSheet.cells(nRow, "C") = "yourField3"
                    xls.ActiveSheet.cells(nRow, "D") = "yourField4" ' e.g. IUser2.Role ??
                    xls.ActiveSheet.cells(nRow, "E") = 1
                End If
            Next IGroup2

        End If
    Next IUser1
Next sGroup

' IADs cleanup
Set IGroup2 = Nothing
Set IUser2 = Nothing
Set IGroup1 = Nothing
Set IUser1 = Nothing

现在你已经在Excel中使用了它,你可以进行PIVOT或过滤或只列出

早上1点25分 - AHA,请忽略上面的代码,因为我以为你要去LDAP获取这些信息。但由于它已经在一个表中,并且让我们使用以下SQL - 

SELECT UserGroup.User, UserGroup.Group, RoleGroup.Role
FROM UserGroup LEFT JOIN RoleGroup ON UserGroup.Group = RoleGroup.Group
ORDER BY UserGroup.User, RoleGroup.Role;

它返回 - 

User    Group           Role
BloggsJ Password Reset  Helpdesk
BloggsJ Password Reset  Security
MouseM  Disable User    Reception
MouseM  Enable User     Reception
MouseM  Enable User     Security
SmithA  Password Reset  Helpdesk
SmithA  Enable User     Reception
SmithA  Enable User     Security
SmithA  Password Reset  Security

答案 1 :(得分:0)

解决了......我想......令人惊讶的是淋浴时头上的热水是什么。 a)从角色表中计算每种角色类型的行数。 b)在角色和LDAP表之间进行组连接。 c)计算每个角色的不同用户出现的次数。 d)如果该计数与每个角色的组数相同,那么它就是一个匹配。

我稍后会对其进行编码,现在就开始铺设屋顶。

相关问题
最新问题