Welcome to the Panopto Community

Please note: All new registrants to the Panopto Community Forum must be approved by a forum moderator or admin. As such, if you navigate to a feature that is members-only, you may receive an error page if your registration has not yet been approved. We apologize for any inconvenience and are approving new members as quickly as possible.
Options

How do I revoke ViewerWithLink access using the API?

Jonathan ChampJonathan Champ Whiz Kid
in API

The IAccessManagement interface has a method GetSessionAccessDetails which returns a SessionAccessDetails object with a UsersWithDirectViewerAccess property. If there are people who have Viewer or ViewerWithLink access, then that property has a array of guid strings.

So there is no way to distinguish between people who have Viewer access and those who have ViewerWithLink access. But - in theory - that should be okay for my use case because there is only one method for revoking user access to a session: RevokeUsersViewerAccessFromSession. This method does not accept an AccessRole parameter, so that implies - to me at least - that the method will work for both the Viewer and ViewerWithLink access roles.

Instead, it fails with the message: No such aclEntry.

Am I doing something wrong / is there a correct way to do this? Is it a bug or gap in the API?

Please let me know,

Jonathan

Tagged:

Answers

  • Aishwarya HarpaleAishwarya Harpale Tyro

    Hello Jonathan,

    You are right about the GetSessionAccessDetails method which will return Users that have a Viewer or ViewerWithLink access. ie Users that have a SessionView permission granted on that session.


    Although the RevokeUsersViewerAccessFromSession will only revoke permission of Users that have a "Viewer" access role. It will not work for "ViewerWithLink" role.

    Are you trying to revoke both permissions or is this information enough for your use case to skip over "ViewerWithLink" user IDs returned from GetSessionAccessDetails?

    Thank you,
    - Aish

  • Jonathan ChampJonathan Champ Whiz Kid

    Hi @Aishwarya Harpale

    I have a script that programmatically revokes permissions for folders and sessions to remove all access from content. This was designed as part of our multi-phase cleanup process, but I am unable to revoke all of the access using the API.

    Sadly, no, I cannot skip over ViewerWithLink access because I need to remove all access. Plus, I cannot distinguish between Viewer and ViewerWithLink to be able to determine which ones are not manageable without trying the API call with "Viewer", catching the exception, and then assuming that they have "ViewerWithLink". However, I have seen some in the web UI that say "Link Viewer", which I have to assume is something different, but isn't anywhere in the AccessRole enum.

    If the RevokeUsersViewerAccessFromSession would revoke both Viewer and/or ViewerWithLink, that would make my life easier.

    I also want to be able to use RevokeUsersAccessFromFolder with "ViewerWithLink", but that fails when I try.

  • Aishwarya HarpaleAishwarya Harpale Tyro

    Hello Jonathan,

    I will file an internal work item for supporting RevokeUsersViewerAccessFromSession with a ViewerWithLink access role. Currently this is not supported by any of the SOAP API endpoints. Neither can you differentiate the two roles returned by GetSessionAccessDetails unless an exception is thrown by ViewerWithLink while revoking the permission.

    Also, please could you specify the error you get while using RevokeUsersAccessFromFolder?

    Best,

    Aish

  • Jonathan ChampJonathan Champ Whiz Kid

    Hello @Aishwarya Harpale,

    For RevokeUsersAccessFromFolder, it's the same errormessage: "No such aclEntry"

    For Viewer, I can send "Viewer" and it correctly revokes Viewer. For Viewer WIth Link, I send "ViewerWithLink" and it errors "No such aclEntry".

    I thought maybe I misspelled something, but when I try "ViewerwithLink" (notice the lowercase "with"), it says "An error occurred deserializing the message. See server logs for details". So I'm sending a valid role value.

Sign In or Register to comment.