Secure File Access
In this article, we will cover granting and denying access to files in AIMMS PRO Storage.
AIMMS PRO storage organizes access per entity, whereby an entity is a user or a group of users. We start with retrieving the set of entities and the group or user names associated with them. This can be done via the following call to system library AimmsProGUI:
guipro::PopulateEntitySets( addUniversalSets:1 );
This call fills the set guipro::PROEntity and the string parameters guipro::PROUserName and guipro::PROGroupName.
AIMMS PRO storage regulates file access per entity by assigning authorization strings to files and folders. Here an entity is a user or a group. An authorization string is a sequence of atomic authorization strings. An atomic authorization strings has the following format:
"#%i%s%e" whereby:
The
%iis an integer code for the access type, which is a combination (addition) of the following values:1 Execution access for objects (files/apps) and browse access for buckets (folders)
2 Write access
4 Read access
The
%sis either a"+"to indicate that access is allowed, or a"-"to indicate that access is denied. An access denial overrules all access granted.The %e is an element in the set
guipro::PROEntity, see above.
For example, on my AIMMS PRO system the group ‘planners’ correspond to entity ‘1408’,
and my friend Theo corresponds to entity ‘1792’.
Thus, to allow read/write access to Theo and read access to a planner for the file at hand, I use the following authorization string: "#4+1408" + "#6+1792".
To give Theo and the planners access to the data.txt input file, I should copy it as follows to AIMMS PRO storage:
pro::SaveFileToCentralStorage("c:\\Inputs\\data.txt", "pro:/publicdata/myapp/input/data.txt", "#4+1408" + "#6+1792" );
Note that when the third optional argument is not filled in, the file copied gets the access rights of the folder it is put in.
In the AIMMS PRO UI library, there are also helper functions to parse and build authorization strings,
called DeconstructAuthorizationString and ConstructAuthorizationString respectively.
These two functions are easy to use front-ends for the above atomic operations.
See also
Create PRO User Groups: covers authorization of AIMMS PRO users.
Upload and Download Files on AIMMS PRO: covers how to transfer files.