User deprovision with archive

Hello - I am working with the .NET SDK to try and deprovision user accounts according to this guide - https://developer.box.com/guides/users/deprovision/

I am able to get this to work just fine but I noticed with the CLI guide found at https://github.com/box/boxcli/blob/main/examples/User%20Deprovisioning/Users_Deprovision.ps1#L12 they move the new create user archive folder to a "Employee Archive" folder. I would like to do this but I am running into access is denied issues trying to move the folder.

I have tried to use an admin client and user client to move the folder. I have gone into the admin console and used the Log into this account and tried to move the folders manually and get the same access denied.

Are there special permission around these transferred folders and files that prevent them from being moved out of the root folder of the destination account?

Thank you.

Here is my simple code for reference:

// Transfer users content to current user's root folder before deleting user
BoxFolder movedFolder = await adminclient.UsersManager.MoveUserFolderAsync(boxUserId, DestBoxId, notify: false);

BoxFolderRequest request = new BoxFolderRequest();
                        request.Id = movedFolder.Id;
                        request.Parent = new BoxRequestEntity();
                        request.Parent.Id = ArchiveFolderId;

                        var moveFolderResp = await userClient.FoldersManager.UpdateInformationAsync(request);
                        if (moveFolderResp != null)
                        {
                            result.Log.Add(new StatusMessage() { Status = StatusMessage.StatusCode.Info, Msg = $"Successfully moved content to archive folder." });
                        }

Rui Barbosa

2023年02月10日 17:58

Hi Scott,

Not sure how you have your app authentication configured, but consider this:

JWT App configured as:

App+Enterprise access
All content actions (read/write all files)
All administrative actions
Make API calls using the as-user header
Generate user access token

Just because this app has all the privileges above, the sharing permissions still apply, and unless the user in question explicitly shared the folder with the app service user, the app service user won't be able to find the files.

However an app configured as above, does have the capability to impersonate a user with the as-user flag.

From your code I don not see where your getting a new client impersonating (as-user) any other user.

I do not have a C# example handy, but follow the steps on the script source code:

Create a destination folder as the new user (as-user), this returns a destination folder
Transfer the content from old user to new user (app user), this returns a new transferred folder
Move the transferred folder into the destination folder (as-user)

Let us know if this helped.

Best regards

コメント