Exporting the rights assigned to KCS users in CSV format
Article # 3036123 - Page views: 62
Issue
As a KCS Administrator user I would like to get a list of KCS rights assigned to different users, to see if there are KCS users having assigned more rights than necessary for their work. How can I get such an export of KCS users and their assigned rights?
Solution
There is no built-in tool, which is able to provide such a list of KCS user rights assigned to different KCS users.
But the attached TFC script KCSExportUserRights.vbs is able to create a CSV file showing the rights assigned to each KCS user.
Steps to use this tool
- Copy the attached KCSExportUserRights.vbs to a machine where the KCS TCFW Communication Server Client is installed
- The Script uses the VBScript scripting host (32-bit version, available on all machines), TFC.DLL with dependend modules (TCSI32.DLL, TCLIB32.DLL,..) and the TCFW Login control (TCLogin.ocx)
- It requires a KCS TCFW License to login into KCS
- Start the script by double-clicking the KCSExportUserRights.vbs file in Windows Explorer
On a 64-bit operating system the script will automatically start the script with the 32-bit scripting host. This is necessary because also TFC.DLL is only available as 32-bit DLL - A popup dialog opens asking for the filename, where the export should be saved, default value is KCSExportUserRights.csv located in the same folder from where the VBS script was started.
But you can also specify a full path to a file name, e.g. C:\Temp\MyUserRightsExport.txt - Afterwards you see the standard KCS TCFW Login dialog
If multiple servers are configured select the corresponding KCS Server from the dropdown list.
Login with an administrative user (e.g. TCTECH), who has the rights to read the System user profiles and the System address book - Afterwards you will get a popup box with the label shown below, asking for the user filter.
Please enter the filter for the user profiles. Use * to export the rights for all users
The default value * will export the rights for all users, but you might enter also a filter string with or without wildcards, e.g.
Admin to export the rights for one user Admin or
Exch* to export the rights for all users which start with Exch in their userID. - Afterwards the export starts.
Please note: If the same export file name does already exist (e.g. from a previous export) it will be silently overwritten
The export will take a while (approximately 70..90 seconds for exporting 1000 users).
When the export is finished you will get a popup box, how may users have been exported, e.g.
224 User(s) exported to 'KCSExportUserRights.csv' - If the output file is locked, e.g. because it is opened in Microsoft Excel, you will get an error message:
Error opening output file KCSExportUserRights.csv
Please close any application, which has opened the file and restart the application. - Afterwards you can open the generated export file in Excel.
Select the first line containing the header descriptions. Choose the context menu options Format cells and select the Alignment tab.
Set the alignment to 90 degrees to show the description lines vertically and the set the Horizontal text alignment to Left
Afterwards you might reduce the height of the first row and resize the size of each colum by selecting all cells (click into the field near cell A1) and double-clicking the column size.
Additionally you might freeze the first line showning the descriptions and the first column showing the user names. Click into cell B2 and select View - Freeze Panes
Which information and KCS user rights are exported to the CSV file?
The export shows User information and access rights in more than 100 columns. See below the detailed overview and possible values shown for each access right:
General user information:
| Column description | Shown values |
|---|---|
| UserID | UserID (short name) of the user |
| Fullname | Fullname of the user |
| Department | Department assigned to this user |
| Company | Company assigned to this user |
| Representative | Representative assigned to this user |
| Group | Group assigned to this user |
| Location | Location assigned to this user |
User rights shown in the General Tab of the KCS user profile
| Column description | Possible values |
|---|---|
| Visible in Outbox | X if enabled, otherwise blank |
| Change own Password | X if enabled, otherwise blank |
| Password never expires | X if enabled, otherwise blank |
| Lock account | X if enabled, otherwise blank |
| Dirsync Allowed | X if enabled, otherwise blank |
| Reject all Messages | X if enabled, otherwise blank |
| Logging of all send attempts | X if enabled, otherwise blank |
| Number locking | X if enabled, otherwise blank |
User rights shown in the Rights Tab of the KCS user profile:
| Column description | Possible values |
|---|---|
| R/W FIS Folder | R (Read), RW (Read and Write) or blank (no access) |
| R/W Own Message Folder | R (Read), RW (Read and Write) or blank (no access) |
| R/W Group Message Folder | R (Read), RW (Read and Write) or blank (no access) |
| R/W System Folder | R (Read), RW (Read and Write) or blank (no access) |
| R/W User Address Book | R (Read), RW (Read and Write) or blank (no access) |
| R/W Group Address Book | R (Read), RW (Read and Write) or blank (no access) |
| R/W All private Address Books | R (Read), RW (Read and Write) or blank (no access) |
| R/W System Address Book | R (Read), RW (Read and Write) or blank (no access) |
| R/W Own User profile | R (Read), RW (Read and Write) or blank (no access) |
| R/W Group User profiles | R (Read), RW (Read and Write) or blank (no access) |
| R/W System User profiles | R (Read), RW (Read and Write) or blank (no access) |
| Tech User | X or X(Admin) if enabled, otherwise blank |
| Server rights | X if enabled, otherwise blank |
| Services | X if enabled, otherwise blank |
| Registrations/Licenses | X if enabled, otherwise blank |
| Change Sender | X if enabled, otherwise blank |
| Reporting | X if enabled, otherwise blank |
| May mark complete | X if enabled, otherwise blank |
| Metamail | X if enabled, otherwise blank |
| LAN Login | X if enabled, otherwise blank |
| Terminate Incoming | X if enabled, otherwise blank |
| Change cost center | X if enabled, otherwise blank |
| Extended folder view | X if enabled, otherwise blank |
| Preferences | X if enabled, otherwise blank |
| Save as Cover (Modify cover sheets) | X if enabled, otherwise blank |
| May be impersonated by another user (May use as a role) | X if enabled, otherwise blank |
| Inbox (Group members) | blank (no access), List, Open or List+Open |
| Inbox (All users) | blank (no access), List, Open or List+Open |
| Outbox (Group members) | blank (no access), List, Correct, Open or a combination of all three options, e.g. List+Open |
| Outbox (All users) | blank (no access), List, Correct, Open or a combination of all three options, e.g. List+Open |
| Message Folder (Group members) | blank (no access), List, Open or List+Open |
| Message Folder (All users) | blank (no access), List, Open or List+Open |
| Enter number directly (Always) | X if enabled, otherwise blank |
| Enter number directly for Correct | X if enabled, otherwise blank |
| Restricted use of services | X if enabled, otherwise blank |
| Restr. use of service: Services without restriction | A list of all service names (comma separated) for which the user has the rights "without restriction" |
User rights shown in the Distributor Tab of the KCS user profile
| Column description | Possible Values |
|---|---|
| Distributor mode enabled | X if enabled, otherwise blank |
| Distributor queue | Distributor queue name, e.g. DIST |
| Dist: View first page only | X if enabled, otherwise blank |
| Dist: Print enabled | X if enabled, otherwise blank |
| Dist: Save as enabled | X if enabled, otherwise blank |
| Dist: Terminate enabled | X if enabled, otherwise blank |
| Dist: Split messages | X if enabled, otherwise blank |
| Dist: Change message content | X if enabled, otherwise blank |
| Dist: View system keys | X if enabled, otherwise blank |
| Dist: Edit system keys | X if enabled, otherwise blank |
User rights shown in the Authorize/Sign Tab of the KCS user profile:
| Column description | Possible Values |
|---|---|
| Auth: May authorize | X if enabled, otherwise blank |
| Auth: Change options and reference | X if enabled, otherwise blank |
| Auth: Change message content | X if enabled, otherwise blank |
| Auth: Authorize without signing | X if enabled, otherwise blank |
| Auth: Change recipients | X if enabled, otherwise blank |
| Auth: Enter/edit test key | X if enabled, otherwise blank |
| Auth: Authorize own messages | X if enabled, otherwise blank |
| Auth: Show authorizer recipient in TC/WEB | No, View or Edit |
User rights shown in the TC/Broadcast and FAXPlus Tabs of the KCS user profile:
| Column description | Possible Values |
|---|---|
| Broadcast: User can send jobs | X if enabled, otherwise blank |
| Broadcast: Intercept on error | X if enabled, otherwise blank |
| Broadcast: Send error report | X if enabled, otherwise blank |
| Broadcast: Resend failed messages | X if enabled, otherwise blank |
| Broadcast: Include details for successful transmission | X if enabled, otherwise blank |
| Broadcast: Include details for unsuccessful transmission | X if enabled, otherwise blank |
| FaxPlus: Enable administration of FAXPlus members | X if enabled, otherwise blank |
User rights shown in the TC/WEB Navigation Tab of the KCS user profile:
| Column description | Possible Values |
|---|---|
| TC/Web Navigation: Compose Message | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/WEB Navigation: Inbox | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/WEB Navigation: Outbox | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/Web Navigation: Public folder | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/Web Navigation: Private folder | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/Web Navigation: Archive folder | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/Web Navigation: System folder | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/Web Navigation: Options menu | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/Web Navigation: Info link | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/Web Navigation: Message history | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/Web Navigation: Distribution list maintenance | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/Web Navigation: FAX OCR cover sheet | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/Web Navigation: Job monitoring | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/Web Navigation: Compose job | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
User rights shown in the TC/WEB Options Tab of the KCS user profile:
| Column description | Possible Values |
|---|---|
| TC/Web Options: Identity | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/Web Options: Change Password | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/Web Options: Settings | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/Web Options: Job Status Reports | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/Web Options: Voice settings | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/Web Options: Address | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/Web Options: Events | Blank (means "default from TC/WEB registry settings"), "Show" or "Hide" |
| TC/Web Options: Administer users | Access level (none, Group users: or All users:) followed by the access rights in this level: none, User List, User Switch, Change Password e.g. All users: User list, User switch, Change Password |
User rights shown in the TC/WEB Identity Tab of the KCS user profile:
| Column description | Possible Values |
|---|---|
| TC/Web Identity: Modify Group | Read and Write access method: - no access - Read: <level>, Write: <level> - Read+Write for <level> levels are: - Own user, - Group users, - All users. Examples: Read+Write for Group users Read: Own user, Write: no access |
| TC/Web Identity: Modify Location | same values as for "Modify Group" |
| TC/Web Identity: Modify Representative | same values as for "Modify Group" |
| TC/Web Identity: Modify Cost center | same values as for "Modify Group" |
| TC/Web Identity: Modify Language | same values as for "Modify Group" |
| TC/Web Identity: Modify Time zone | same values as for "Modify Group" |
| TC/Web Identity: Modify Company,Department,Salutation,Fullname,Freetext,Address,Events | same values as for "Modify Group" |
Level of Complexity
Moderate,
Applies to
| Product | Version | Build | Environment | Hardware |
|---|---|---|---|---|
| Kofax Communication Server | 10.0 and higher |
References
Keywords: User export, Excel, CSV, VBS