Applying Permissions with MSI’s LockPermissions Table

When you set permissions with the Wise GUI as in the previous article, you are really just adding entries to the MSI’s LockPermissions table. You may find it easier or faster to add the entries you want directly into the table. Here’s how:

Go to the Setup Editor pane and the Tables tab, and select the LockPermissions table from the list on the left. The first two columns, LockObject and Table, specify which object this is going to apply to. To set rights on a file, choose “File” as the value in the second column and the name of the file object as its listed in the File table for the LockObject column (in database terms, this is a foreign key referring to a line in the other table, so it must be a valid value from that table). For a folder, you’ll need to create the folder via the CreateFolder table, then you can specify its name (foreign key) as the LockObject and “CreateFolder” as the referent table.

The next two columns are the Domain and Username for the ACE; note that the Domain value can be blank but the User cannot. Finally, the last column is the Permissions, specified as a large integer. On my system, I see full privileges listed as “-267451905” and change privileges as “-536673793”, but you might want to check this on your system by manually configuring one entry in the GUI then copying its values in the LockPermissions table for the others you want to set.

Keep in mind that the same critical rule applies here as in the GUI: the permissions you set in the LockPermissions table completely replace the existing or default permissions on the file. So be certain to configure the SYSTEM and Administrators groups as well as your target user group!

It is recommend that you read up on the LockPermissions table before manually making changes here$mdash;know what you’re doing before you try it!