2

Firstly, I don't even know whether the "user ID" is the correct term here.

The context is that I'm using VisualSVN Server to manage / administer access rights on my SVN repositories with Windows Authentication, and the authz-windows file it creates contains 45 character long strings instead of "human-readable" user or group names.

I need to edit this file by hand, so how do I find out what the magic string is associated with a particular user or group?

bahrep
  • 664
  • 1
  • 9
  • 27
detly
  • 192
  • 1
  • 3
  • 11
  • 1
    Upgrade your VisualSVN Server to the latest version and use new PowerShell cmdlets for such tasks: https://www.visualsvn.com/support/topic/00088/ – bahrep Jan 18 '16 at 17:25

2 Answers2

4

The authz-windows file maps Active Directory user and group SIDs (objectSid LDAP field).

But note that values of this field in AD stores as hexadecimal, so you can use some previous answers to determine assotiated user IDs.

(PowerShell example on StackOverflow.)

Community
  • 1
Max Kochubey
  • 1,191
  • 6
  • 8
  • I've since gotten around this by fixing whatever was wrong with WMI that prevented VisualSVN from running. But I'll give you the tick, since this looks like enough info to get me going if I need to do this again some day :) – detly Jul 10 '12 at 05:45
3

Update 2016:

Upgrade to the latest VisualSVN Server version. Beginning with VisualSVN Server 3.4, the server comes with a number of PowerShell cmdlets. Some of them like Get-SvnAccessRule can output the list of access rules assigned for Active Directory / Windows user and group accounts.

Here is an example for generating the access rules report in a CSV file AccessReport.csv:

Get-SvnAccessRule | Select Repository, Path, AccountName, Access | Export-Csv -NoTypeInformation AccessReport.csv

For the complete information about the VisualSVN Server PowerShell cmdlets read the article KB88: VisualSVN Server PowerShell Cmdlet Reference.

Outdated answer:

I agree with the answer of hangover and hope you will find the following VBScript helpful. It creates a list of the defined permissions and properly converts SIDs to meaningful and readable DOMAIN\Username.

'
' Print permissions in the form: user_name,path,level
'
strComputer = "."
Set wmi = GetObject("winmgmts:" _
  & "{impersonationLevel=impersonate}!\\" _
  & strComputer & "\root\VisualSVN")

Set win = GetObject("winmgmts:" _
  & "{impersonationLevel=impersonate}!\\" _
  & strComputer & "\root\cimv2")

' Return text representation for the Access Level
Function AccessLevelToText(level)
  If level = 0 Then
    AccessLevelToText = "No Access"
  ElseIf level = 1 Then
    AccessLevelToText = "Read Only"
  ElseIf level = 2 Then
    AccessLevelToText = "Read/Write"
  Else 
    AccessLevelToText = "Unknown"
  End If
End Function

' Return repository path for the object
Function GetPath(obj)
  cname = assoc.Path_.Class
  If cname = "VisualSVN_Service" Then
    GetPath = "Repositories Root"
  ElseIf cname = "VisualSVN_Repository" Then
    GetPath = assoc.Name
  ElseIf cname = "VisualSVN_RepositoryEntry" Then
    GetPath = assoc.RepositoryName & ": " & assoc.Path
  Else
    GetPath = "Unknown"
  End If
End Function

' Convert SID to user name
Function SidToUserName(sid)
  Set account = win.Get("Win32_SID.SID='" & sid & "'")
  user = account.AccountName
  domain = account.ReferencedDomainName
  SidToUserName = domain & "\" & user
End Function

' Return user name associated with account
Function GetAccountName(account)
  If account.Path_.Class = "VisualSVN_WindowsAccount" Then
    GetAccountName = SidToUserName(account.SID)
  Else
    GetAccountName = account.Name
  End If
End Function

' Iterate over all security descriptions
Set objs = wmi.ExecQuery("SELECT * FROM VisualSVN_SecurityDescriptor")
For Each obj In objs
  Set assoc = wmi.Get(obj.AssociatedObject)

  For Each perm in obj.Permissions
    name = GetAccountName(perm.Account)
    level = AccessLevelToText(perm.AccessLevel)

    Wscript.Echo name & "," & GetPath(assoc) & "," & level
  Next
Next
bahrep
  • 664
  • 1
  • 9
  • 27