I'm trying to check and see if a specific user has permissions on a specific Service Application, but I'm not having much luck. So far, I have managed to check if the current user has permissions with code similar to the following:
SPCentralAdministrationSecurity security = serviceApp.GetAdministrationAccessControl();
var acl = security.ToAcl();
bool hasAccess = acl.DoesUserHavePermissions(SPCentralAdminRights.FullControl);
However, like I said, I need to check the permission of a specific user, not necessarily the current user. Does anyone know of a way to accomplish this?
Edit:
I somehow didn't realize that acl was actually a list. I looped through it to find the administrators for the service application, which is half the battle! But I still need to find the accounts listed under Permissions to see which accounts have access to invoke the service app. Any help is appreciated.
After some more research, I've found an answer! Here's the detailed code:
foreach (SPService service in SPFarm.Local.Services)
{
if (service.Name.Equals("ServiceName"))
{
foreach (SPServiceApplication serviceApp in service.Applications)
{
//This gets the service app administrators
SPCentralAdministrationSecurity serviceAppSecurity = serviceApp.GetAdministrationAccessControl();
SPAcl<SPCentralAdministrationRights> adminAcl = serviceAppSecurity.ToAcl();
foreach (SPAce<SPCentralAdministrationRights> rights in adminAcl)
{
//Handle users
}
//This gets the users that can invoke the service app
SPIisWebServiceApplication webServiceApp = (SPIisWebServiceApplication) app;
SPIisWebServiceApplicationSecurity webServiceAppSecurity = webServiceApp.GetAccessControl();
SPAcl<SPIisWebServiceApplicationRights> invokerAcl = webServiceAppSecurity.ToAcl();
foreach (SPAce<SPIisWebServiceApplicationRights> rights in invokerAcl)
{
//Handle users
}
}
}
}
