User deprovision with archive
Hello - I am working with the .NET SDK to try and deprovision user accounts according to this guide - https://developer.box.com/guides/users/deprovision/
I am able to get this to work just fine but I noticed with the CLI guide found at https://github.com/box/boxcli/blob/main/examples/User%20Deprovisioning/Users_Deprovision.ps1#L12 they move the new create user archive folder to a "Employee Archive" folder. I would like to do this but I am running into access is denied issues trying to move the folder.
I have tried to use an admin client and user client to move the folder. I have gone into the admin console and used the Log into this account and tried to move the folders manually and get the same access denied.
Are there special permission around these transferred folders and files that prevent them from being moved out of the root folder of the destination account?
Thank you.
Here is my simple code for reference:
// Transfer users content to current user's root folder before deleting user
BoxFolder movedFolder = await adminclient.UsersManager.MoveUserFolderAsync(boxUserId, DestBoxId, notify: false);
BoxFolderRequest request = new BoxFolderRequest();
request.Id = movedFolder.Id;
request.Parent = new BoxRequestEntity();
request.Parent.Id = ArchiveFolderId;
var moveFolderResp = await userClient.FoldersManager.UpdateInformationAsync(request);
if (moveFolderResp != null)
{
result.Log.Add(new StatusMessage() { Status = StatusMessage.StatusCode.Info, Msg = $"Successfully moved content to archive folder." });
}
-
Hi Scott,
Not sure how you have your app authentication configured, but consider this:
JWT App configured as:
- App+Enterprise access
- All content actions (read/write all files)
- All administrative actions
- Make API calls using the as-user header
- Generate user access token
Just because this app has all the privileges above, the sharing permissions still apply, and unless the user in question explicitly shared the folder with the app service user, the app service user won't be able to find the files.
However an app configured as above, does have the capability to impersonate a user with the as-user flag.
From your code I don not see where your getting a new client impersonating (as-user) any other user.
I do not have a C# example handy, but follow the steps on the script source code:
- Create a destination folder as the new user (as-user), this returns a destination folder
- Transfer the content from old user to new user (app user), this returns a new transferred folder
- Move the transferred folder into the destination folder (as-user)
Let us know if this helped.
Best regards
サインインしてコメントを残してください。
コメント
1件のコメント