Syensqo IS - Customer Support

Page tree

Introduction

This page explains how to to investigate about access rights.

Prerequisite

In order to investigate you must have have access to the administration interface: https://sinequa-prod.syensqo.com/admin

The search interface https://ehs-all-search.syensqo.com/search allow you to see all docs (also confidential docs) and jump to the xECM interface.

To allow you to see all docs in Sinequa even if you don't have access in xECM you must change this mapping rule in the Domain mappings: https://sinequa-prod.syensqo.com/form?form=mappings&datatype=mapping&dataname=

Domain mappings are used to match users and/or groups from different security domains together.






This rule says:

The user boll5460 of the LDAP is mapped to the xECM group #1000 (=Admin) 

The id of the group is in this file: E:\sinequa\data\configuration\domains\xECM_Production\xECM\content.xml (populated by the Domain/partition /xECM_Production/xECM/ imported from xECM) :


Check if the documents is confidential

Goto https://ehs-all-search.syensqo.com/ and search for the confidential doc .

Ex: search for Supersol ADMU V2


Click on Document in cache:

If you don't see in the access list the xecm_production|everyone item it means that this document can not be viewed to all employees.


Check access rights of the users

Solution #1

Open a Windows session on the server and execute this command:

D:\sinequa\website\bin\scmd SCUserMembership BE05407 xECM_Production

This command will calculate the effective access rights in Sinequa for the user BE05407 in the Domain xECM_Production.

Have a look at section Member of for the standard user BE05407:

 

Compare with the user JLAY having additional rights in xECM:


The user is member of the xECM groups:

  •  ehs_bu02_admin (xecm_production|781179)
  • ehs_bu02r_admin (xecm_production|777442)


So this user can see documents authorised to the groups ehs_bu02_admin  & ehs_bu02r_admin 

If the user doesn't have specific access to xECM groups an access request must be done to the xECM team.


Solution #2

To avoid to open a session on the Sinequa server I created the Sinequa command scusermembership

This command will run this script (G:\scripts\SCUserMembership.cmd) on the Sinequa server:


@Echo on

echo %date% > G:\scripts\output\index.html
echo %time% >> G:\scripts\output\index.html
 

echo|set /p="<pre>" >> test.txt>> G:\scripts\output\index.html
call D:\sinequa\website\bin\scmd.exe SCUserMembership %1 %2 >> G:\scripts\output\index.html
echo|set /p="</pre>" >> G:\scripts\output\index.html

To use it, modify the Arguments field of the Sinequa command:

Argument #1 = login of the user
Arguments #2 = Sinequa domain (xECM_Production for xECM but can be LDAP for other investigations)

Run the command.

Then open the page https://sinequa-prod.syensqo.com/output/index.html that contains the result of the command:


The best way to get IT support is to use the new Service One Platform.