Who am I? How to use Microsoft Office Permission/UserPermission

Question

Microsoft Office documents, im my case: PowerPoint presentations, can have restricted permissions. How can I find out, programmatically, which permissions my code has on a g

Answer 1

I have opened a ticket with Microsoft on this (SRQ091221600157). After a lengthy discussion with Microsoft Support, the ticket is still pending but I think it is already safe to say that there is no explicit way to obtain the information I need.

Microsoft explicitly states that there is no API in PowerPoint to obtain either the identity that was used to open a presentation, or the currently active permissions. A feature request to add that API has been filed.

If you are in a closed environment with your own Rights Management Server, the following approaches would probably work (quoting Microsoft Support, I did not test this myself):

1) Using the COM object ADSystemInfo object.

Dim objADSystemInfo As Object
Dim objUser As Object
objADSystemInfo = CreateObject("ADSystemInfo")
objUser = GetObject("LDAP://" + objADSystemInfo.UserName)
objUser.Get("mail")  'This will return the AD email id 

'We can use this to include in the permission related code that you had sent
If (uperm.UserId = objUser.Get("mail")) Then
    'You can get the permission uperm.Permission for this userid (current logged in)
    MsgBox(uperm.UserId & "logged in user") 
Else
    MsgBox(uperm.UserId & "other user")
End If

2) Using the .NET approach

Dim oDS = New System.DirectoryServices.DirectorySearcher
Dim strUserName As String = Environment.UserName
Dim strFilter As String = "(&(objectCategory=User)(samAccountName=" & strUserName & "))"
oDS.Filter = strFilter
Dim oSr As System.DirectoryServices.SearchResult = oDS.FindOne()
Dim oUser As System.DirectoryServices.DirectoryEntry
oUser = oSr.GetDirectoryEntry()
MessageBox.Show(oUser.InvokeGet("mail"))

Here is the article that explains about these approaches –
http://www.microsoft.com/technet/scriptcenter/resources/pstips/dec07/pstip1207.mspx

However, these approaches do not work for identities that use online IRM services (Microsoft Passport). Also, even with your own Rights Management Server, it may be possible to change your identity in PowerPoint at runtime, in which case the above approaches probably would not yield the desired results (I did not investigate this any further).

I the end, I had to come up with a workaround that tests the permissions I need by trying to run some representative API call and then checking if the call failed.

Thank you for your contributions,
Volker