Determining what the user can execute - VisualCron - Forum

Community forum

Please note that VisualCron support is not actively monitoring this community forum. Please use our contact page for contacting the VisualCron support directly.

Bob Silva

With the API I can connect to the server, get the list of jobs and execute them. Nice!

If I don't have permission to execute a particular job and I attempt to execute that job, it does not run. Good.

Now, I would prefer to not even display a job in my web client if I don't have the permissions to execute it.

If I understand the security model correctly, if any of the groups of which I am a member has the Execute Jobs permission checked, I can execute any job except those jobs where all my groups are specifically denied.

Conversely, if all my groups Execute Jobs checkboxes are cleared, I can only execute jobs where one of my groups has been specifically granted the execute permission.

So, assuming I have that correct, I need to locate this information in the API.

When I examine the Server object, I see Server.Client.User.Groups which gives me a list of GUIDs corresponding to the groups of which I am a member. While that is a good starting point, I need to know if any of those groups grant me that global Execute Job permission.

When I examine the JobClass object, I see GroupOverride which will give me GroupID and OverrideSettings which is another piece of the puzzle. However, I can't seem to find all the pieces to get a complete permission picture.

I know the VC Client is written using the VC API and I do see all the information in the VC Client. I'm just not seeing it all when I use the API. The API documentation seems out of date as I'm not finding some of the objects I've just described therein.

So. Whew. How can I determine which jobs I (the logged in user) can execute?

Forum information
When and if we implement prevention of users "seeing"/reading Jobs this also means that the API will never know about this Jobs. Because if you connect as a specific user that does not have "seeing" rights it should not see them. And that might be a problem.

You can use the serverObj.Permissions.Check( method to check permissions.
Please like  VisualCron on facebook!
Bob Silva
Hi Henrik,

No, I'm not advocating changing the API. I just wanted a way to determine if the logged in user can execute the job, before giving them a button to do so. So, I wanted a List of JobClass'es they could, in fact, execute. Your advice was the answer.

So, basically, the code to return that list looks like this:

Client c = new Client();
Server s = new Server();

Connection conn = new Connection();
conn.UseADLogon = true;
conn.Address = VCServer;
conn.ConnectionType = Connection.ConnectionT.Remote;

s = c.Connect(conn, true);
List<JobClass> jcl = s.Jobs.GetAll();

foreach (JobClass jc in jcl)
if (s.Permissions.Check(SecPermissionsClass.PermissionT.Jobs, SecPermissionsClass.ActionT.Execute, jc.Id) != Permissions.PermissionResultT.Granted)


return jcl;

Scroll to Top