Controlling access to sample management scripts
Sample management scripts run as the UNICOM Intelligence Interviewer Running User that was created before UNICOM Intelligence Interviewer was installed. This user must have Administration privileges, which means that the sample script has wide access to the whole system. Sample management script writers can use CreateObject to create COM objects and then use them. This means that the sample management script has access to the file system as an administrator. (CreateObject can also be used to create ADO objects and access databases.)
The Running User must also have access to all respondent, sample, and quota data, as well as access to databases that UNICOM Intelligence Interviewer uses internally.
Only trusted users should be given access to activities that allow editing of sample management scripts. Currently, these activities are Launch and Participant Rules. Launch can be further controlled to restrict users to selecting from a predefined list of scripts.
Restricting access to sample management scripts in Launch
Access to sample management scripts in the Launch activity is protected through the Interview.Config.xml file, which is normally installed in FMRoot\Shared\Config in the UNICOM Intelligence Interviewer installation folder. The name and location of this file are stored in the InterviewConfigFile site property in DPM.
The file as it is installed makes the Basic and Multimode sample management scripts available to all users who are allowed to activate projects from the Launch activity. It also allows all users to upload new files, but you should restrict access to this feature. You can customize this file to provide access to your own scripts.
Naming sample management scripts
The <PresetDefinitions> section of Interview.Config.xml defines the names and locations of the scripts that may be displayed in the Scripts list on Launch's Sample Management tab. In the installed file it is as follows:
<PresetDefinitions>
<SampleManagements>
<SampleManagement name="Basic">
<Property name="Script" type="filename">
<![CDATA[<RootFolder>\Shared\Library\Sample Management Scripts\basic_sample.mrs]]>
</Property>
<Property name="Provider" type="string">
<![CDATA[mrScriptBasicSM.Provider]]>
</Property>
</SampleManagement>
<SampleManagement name="Multimode">
<Property name="Script" type="filename">
<![CDATA[<RootFolder>\Shared\Library\Sample Management Scripts\multimode1_sample.mrs]]>
</Property>
<Property name="Provider" type="string">
<![CDATA[mrScriptBasicSM.Provider]]>
</Property>
</SampleManagement>
</SampleManagements>
</PresetDefinitions>
To add your own scripts to the list
1 Copy and paste one of the <SampleManagement> sections.
2 In the new <SampleManagement> tag, replace the script name with the name by which you want to refer to your script in this configuration file.
3 In the CDATA tag, replace the script filename with the filename of your script.
4 If your script is written in VBScript rather than the UNICOM Intelligence scripting language, replace mrScriptBasicSM.Provider with VBScriptSM.Provider in the CDATA tag in the <Property> tag.
Who can see which scripts in the Script list
The <AccessControl> section of Interview.Config.xml specifies which roles should see each script in the list. The definition in the installed file allows all users to see the Basic and Multimode scripts:
<AccessControl>
<Default>
<Presets>
<SampleManagements>
<SampleManagement name="Basic" />
<SampleManagement name="Multimode" />
</SampleManagements>
</Presets>
</Default>
<Roles/>
</AccessControl>
To allow access to scripts based on role membership, expand the <Roles> section to include entries for each role that can access scripts. The syntax for this section is:
<Roles>
<Role name="RoleName">
<Presets>
<SampleManagements>
<SampleManagement name="ScriptName1" />
<SampleManagement name="ScriptName2" />
</SampleManagements>
</Presets>
</Role>
</Roles>
You must enter role names in exactly the same case as they are shown in the UNICOM Intelligence Interviewer - Server Admin User Administration activity. The names that you enter for the sample management scripts must be the same as script names in the <PresetDefinitions> section. Here is an example of a complete <Roles> section that defines the contents of the Scripts list as Launch will display it for the CustAGroup and CustBGroup roles. The list for CustAGroup will show General and CustAScript, while the list for CustBGroup will show General and CustBScript:
<AccessControl>
<Roles>
<Role name="CustAGroup">
<Presets>
<SampleManagements>
<SampleManagement name="General" />
<SampleManagement name="CustAScript" />
</SampleManagements>
</Presets>
</Role>
<Role name="CustBGroup">
<Presets>
<SampleManagements>
<SampleManagement name="General" />
<SampleManagement name="CustBScript" />
</SampleManagements>
</Presets>
</Role>
</Roles>
</AccessControl>
Editing scripts in the Script Listing frame
Although the
Interview.Config.xml file controls who sees which scripts in the Script list, it does not control who can view and edit these scripts in the script listing box. These restrictions are defined using the
canEditSampleScript property in UNICOM Intelligence Interviewer - Server Admin's User Administration activity. For more information, see
Assigning users or roles to activity features.
See also