Security Scripts and Functions

TargetDirectory Object
User and Group Objects
HOST Object
- User and Group Mapping Functions
- Access Control Scripts and Functions

TargetDirectory Object

Functions Supported by All Target Directories

Function	Input Parameters (Type)	Return (Type)	Description
`GetUserByDisplayIdentifier()`	ByVal displayIdentifier (String)	IUser	Retrieves a user from the configured target directory by a user-friendly identifier used on the administration UI as well as show users If the user is not found, then the null value is returned
`GetUserByInternalIdentifier()`	ByVal internalIdentifier (String)	IUser	Retrieves a user from the configured target directory by an internal identifier (GUID, SID, etc) If the user is not found, then the null value is returned
`GetGroupByDisplayIdentifier()`	ByVal displayIdentifier (String)	IGroup	Retrieves a group from the configured target directory by a user-friendly identifier used on the administration UI as well to show users If the user is not found, then the null value is returned
`GetGroupByInternalIdentifier()`	ByVal internalIdentifier (String)	IGroup	Retrieves a group from the configured target directory by an internal identifier (GUID, SID, etc) If the user is not found, then the null value is returned

Functions Supported by Active Directory

Function	Input Parameters (Type)	Return (Type)	Description
`GetGroupByAttribute()`	ByVal attribute (String) ByVal value (String)	ADGroup	Retrieves a group by the specified attribute and value If the group is not found, then the null value is returned
`GetGroupByDistinguishedName()`	ByVal distinguishedName (String)		Retrieves a group by distinguishedName If the group is not found, then the null value is returned
`GetGroupByName()`	ByVal name (String)		Retrieves a group by name in either format: 'netbiosname\username' 'username@domain' Only the full domain name like 'mydomain.local' is supported If the group is not found, then the null value is returned
`GetGroupBySID()`	ByVal sid (String)		Retrieves a group by SID If the group is not found, then the null value is returned
`GetUserByAttribute()`	ByVal attribute (String) ByVal value (String)	ADUser	Retrieves a user by the specified attribute and value. If the user is not found, then the null value is returned
`GetUserByEmailAddress()`	ByVal emailAddress (String)		Retrieves a user by email address If the user is not found, then the null value is returned
`GetUserByName()`	ByVal name (String)		Retrieves a user by name in either format: 'netbiosname\username' 'username@domain' If the user is not found, then the null value is returned
`GetUserBySID()`	ByVal sid (String)		Retrieves a user by SID If the user is not found, then the null value is returned

Functions Supported by Azure Active Directory

Function	Input Parameters (Type)	Return (Type)	Description
`GetGroupByAttribute()`	ByVal attribute (String) ByVal value (String)	AADGroup	Retrieves a group by the specified attribute and value If the group is not found, then the null value is returned The specified attribute must also be added to the properties to load text box on the Target Directory Configuration page
`GetGroupByEmail()`	ByVal emailAddress (String)		Retrieves a group by email address If the group is not found, then the null value is returned
`GetGroupByID()`	ByVal id (String)		Retrieves a group by Azure Active Directory ID If the group is not found, then the null value is returned
`GetUserByAttribute()`	ByVal attribute (String) ByVal value (String)	AADUser	Retrieves a user by the specified attribute and value If the user is not found, then the null value is returned. The specified attribute must also be added to the properties to load text box on the Target Directory Configuration page
`GetUserByEmailAddress()`	ByVal emailAddress (String)		Retrieves a user by email address. If the user is not found, then the null value is returned
`GetUserByID()`	ByVal id (String)		Retrieves a user by Azure Active Directory ID If the user is not found, then the null value is returned
`GetUserByName()`	ByVal name (String)		Retrieves a user by display name If the user is not found, then the null value is returned
`GetUserByUPN()`	ByVal upn (String)		Retrieves a user by userPrincipalName in the format: 'username@domain.onmicrosoft.com' Only the full domain name like 'mydomain.local' is supported If the user is not found, then the null value is returned

User and Group Objects

Properties Supported by All Target Directories

Property	Type	Description
`Disabled`	Boolean	Indicated that the user or group is disabled in the target directory.
`DisplayIdentifier`	String	A user-friendly identifier which is used to display the user or group on the administration UI. Format depends on the configured target directory.
`InternalIdentifier`	String	An internal identifier what is typically used to store in ACLs inside the search index. (Its format depends on the configured target directory)

Properties Supported by Active Directory

Property	Type	Description
`DistinguishedName`	String	LDAP specific identifier.
`Name`		Name in 'domain\user' format.
`SID`		Active Directory specific security identifier.

Properties Supported by Azure Active Directory

Property	Type	Description
`AdditionalAttributes`	Dictionary<String, object>	A list of additional properties loaded for a user/group during the request. The additional properties must be specified in the Azure Active Directory Target configuration page in the 'Properties to load' text box.
`DeletedDateTime`	DateTime	AAD Group only: Specifies the date the group was deleted.
`DisplayName`	String	User/Group display name.
`ID`		Azure Active Directory specific security identifier.
`Mail`		User/Group email address.
`OnPremisesSecurityIdentifier`		The SID of a user/group synchronized with On-Premise active directory.
`UserPrincipalName`		AAD User only: Specifies the user principal name.

HOST Object

User and Group Mapping Functions

The following table contains all the security mapping related functions of the HOST object:

Function	Input Parameters (Type)	Return (Type)	Description
`GetCount()`		Integer	Returns the index of current user or group.
`GetSystemActive()`		Boolean	Retrieves the "active" status.
`GetSystemId()`		String	Retrieves the unique identifier of user or group returned by connector.
`GetSystemName()`			Retrieves the name of user or group returned by connector from the source system.
`GetTargetDirectoryId()`			Retrieves the target directory specific identifier returned by connector.
`GetValue()`	ByVal key (String)		Retrieves the custom property of the user or group returned by the connector.
`RemapBySystemName()`			Re-maps the current group to an existing group. This is a group load-only feature.
`SetSystemActive()`	ByVal (Boolean)		Sets the "active" status.

Access Control Scripts and Functions

Function	Input Parameters (Type)	Return (Type)	Description
`GetSecDesc()`		Byte()	Returns the security descriptor.
`SetSecDesc()`	ByVal sd (Byte())	Byte()	Sets the security descriptor.
`CheckIsPublic()`		Boolean	Retrieves the item Public status.
`SetIsPublic()`	ByVal iPublic (Boolean)		Sets the item Public status.
`AddUser()`	ByVal id (String) ByVal grant (Boolean)		Adds a user by system ID. To add the user with granted access, set Grant to true. To add the user with denied access, set Grant to false.
`AddGroup()`	ByVal id (String) ByVal grant (Boolean)		Adds a group by system ID. To add the group with granted access, set Grant to true. To add the group with denied access, set Grant to false.
`AddUser()`	ByVal id (String) ByVal lvl (Integer) ByVal grant (Boolean)		Adds a user by system ID to a specific level for multi-level security. To add the user with granted access, set Grant to true. To add the user with denied access, set Grant to false.
`AddGroup()`	ByVal id (String) ByVal lvl (Integer) ByVal grant (Boolean)		Adds a group by system ID to a specific level for multi-level security. To add the group with granted access, set Grant to true. To add the group with denied access, set Grant to false.
`RemoveUser()`	ByVal id (String) ByVal grant (Boolean)		Removes a user by System ID from the ACL
`RemoveGroup()`	ByVal id (String) ByVal grant (Boolean)		Removes a group by System ID from the ACL
`AddTargetUser()`	ByVal user (IUser) ByVal grant (Boolean)		Adds a user retrieved from the target directory.
`AddTargetUser()`	ByVal user (IUser) ByVal lvl (Integer) ByVal grant (Boolean)		Adds a user retrieved from the target directory to a specific level for multi-level security.
`AddTargetGroup()`	ByVal group (IGroup) ByVal grant (Boolean)		Adds a group retrieved from the target directory.
`AddTargetGroup()`	ByVal group (IGroup) ByVal lvl (Integer) ByVal grant (Boolean)		Adds a group retrieved from the target directory to a specific level for multi-level security.
`ClearAll()`			Clears all users/groups access.
`GetGrantGroupIDs()`		String()	Granted groups IDs.
`GetGrantUserIDs()`		String()	Granted users IDs.
`GetDenyGroupIDs()`		String()	Denied groups IDs.
`GetDenyUserIDs()`		String()	Denied users IDs.