We integrated Milestone with MIP SDK 3.6, and we are trying to control the access to groups of cameras for specific users.
The problem is that even though we removed permissions for those users to see determined cameras they are still listed.
Login is done with
VideoOS.Platform.SDK.Environment.Login(uri, true);
and then we search
static List FindAllCameras(List folders)
{
List<Item> result = new List<Item>();
foreach (Item item in folders)
{
if (item.FQID.FolderType == [FolderType.No](https://FolderType.No))
{
if (item.FQID.Kind == Kind.Camera)
result.Add(item);
}
else
{
if (item.FQID.Kind == Kind.Server || item.FQID.Kind == Kind.Camera || item.FQID.Kind == Kind.Folder)
result.AddRange(FindAllCameras(item.GetChildren()));
}
}
return result;
}
When you have removed a camera you will have to do a new login, otherwise you are still working on the old copy of the configuration.
Might this explain the issue?
I am not aware of any known issue that fits but it is generally strongly recommend that you use the newest MIP SDK available when developing. Can you please try with the newest MIP SDK?
Hi,
Thanks for your reply. We do a new login at each request and even if we force a login the list is the same. I tried to ask for video and we also have access to video
I suppose the permissions are configured on the groups settings? Does the SDK requests comply with the permissions defined on groups? On the Milestone client only appear the cameras that the user has access.
We currently plan to update to the newest MIP SDK but since its base x64 and our product was x32 we are going to take a little longer to do it and our client consider this is a very serious security issue.
Thanks for your help,
*Bruno Marta*
Project Manager
bmarta@agorasystems.com
Office (PT): +351 213 162 144 | Mobile (PT): +351 914 536 720
Rua da Cova da Moura, n. 2
<https://maps.google.com/?q=Rua+da+Cova+da+Moura,+n.+2&entry=gmail&source=g> -
3º Esq. | 1350-117 Lisbon - Portugal
www.agorasystems.com
LinkedIn <https://www.linkedin.com/company/agorasys>| Twitter
<https://twitter.com/SystemsAgora>
Milestone Developer Forum <noreply@milestonesys.com> escreveu no dia
quarta, 30/01/2019 à(s) 12:57:
Hi,
Thanks for your reply. We do a new login at each request and even if we force a login the list is the same. I tried to ask for video and we also have access to video
I suppose the permissions are configured on the groups settings? Does the SDK requests comply with the permissions defined on groups? On the Milestone client only appear the cameras that the user has access.
We currently plan to update to the newest MIP SDK but since its base x64 and our product was x32 we are going to take a little longer to do it and our client consider this is a very serious security issue.
Thanks for your help,
Bruno
If you restart your application instead of the new login, does it work?
When you do the new login, do you RemoveServer followed by an AddServer?
static void VideoOS.Platform.SDK.Environment.RemoveServer ( Guid id)
https://doc.developer.milestonesys.com/html/index.html?base=sdkhelp/class_video_o_s_1_1_platform_1_1_s_d_k_1_1_environment.html#a54e7b60bff505b7101797d34968df7aa&tree=tree_search.html?search=removeserver
I would like to know the product and version of the XProtect you are working with?
If you are working with a c-code XProtect please investigate the following: Permissions is assigned to Roles. Roles are essentially groups. One thing I would like you to investigate: If you in the Management Client find and right-click on the Roles node you can open an Effective Roles tool. Please use this tool to investigate whether the user with the issue is member of multiple groups?
On 32 bit development: https://developer.milestonesys.com/s/article/Processor-architecture-compatibility-for-the-Milestone-Integration-Platform-MIP-SDK
Solved!
Thanks the Effective Roles tool really helped us to check that the user was actually in an administrator group which had permissions to all cameras.
Thank you!