# MNG Engine (Engine `mng`)
This engine provides jobs for managing groups and users of enaio®.
The following jobs can only be executed by users with administrator rights:
* [mng.AddUserGroupAsc](mng.md#mng.AddUserGroupAsc)
* [mng.CreateGroup](mng.md#mng.CreateGroup)
* [mng.CreateUser](mng.md#mng.CreateUser)
* [mng.DeleteGroup](mng.md#mng.DeleteGroup)
* [mng.DeleteUser](mng.md#mng.DeleteUser)
* [mng.EmptyGroup](mng.md#mng.EmptyGroup)
* [mng.ExportSecuritySystem](mng.md#mng.ExportSecuritySystem)
* [mng.RemoveUserGroupAsc](mng.md#mng.RemoveUserGroupAsc)
* [mng.SetGroupAttributes](mng.md#mng.SetGroupAttributes)
* [mng.SetUserAttributes](mng.md#mng.SetUserAttributes)
## Groups
* [mng.CreateGroup](mng.md#mng.CreateGroup)
* [mng.DeleteGroup](mng.md#mng.DeleteGroup)
* [mng.EmptyGroup](mng.md#mng.EmptyGroup)
* [mng.GetGroupAttributes](mng.md#mng.GetGroupAttributes)
* [mng.SetGroupAttributes](mng.md#mng.SetGroupAttributes)
* [mng.GetGroupList](mng.md#mng.GetGroupList)
* [mng.GetGroupMembers](mng.md#mng.GetGroupMembers)
## Users
* [mng.CreateUser](mng.md#mng.CreateUser)
* [mng.DeleteUser](mng.md#mng.DeleteUser)
* [mng.GetUserAttributes](mng.md#mng.GetUserAttributes)
* [mng.SetUserAttributes](mng.md#mng.SetUserAttributes)
* [mng.GetUserList](mng.md#mng.GetUserList)
* [mng.GetUserGroups](mng.md#mng.GetUserGroups)
* [mng.GetUserProfile](mng.md#mng.GetUserProfile)
* [mng.GetUserRoles](mng.md#mng.GetUserRoles)
* [mng.StoreUserProfile](mng.md#mng.StoreUserProfile)
## Group Assignments
* [mng.AddUserGroupAsc](mng.md#mng.AddUserGroupAsc)
* [mng.RemoveUserGroupAsc](mng.md#mng.RemoveUserGroupAsc)
## Security System
The security system has two mechanisms that operate side by side in the same system: clauses at the group level (see [mng.ExportSecuritySystem](mng.md#mng.ExportSecuritySystem)) and ACL rules at the object level (see [dms.ReadSD](dms.md#dms.ReadSD) and the other DMS security jobs).
* [mng.ExportSecuritySystem](mng.md#mng.ExportSecuritySystem)
* [mng.UpdateSecuritySystem](mng.md#mng.UpdateSecuritySystem)
## Language Resources
### JSON Schema
The methods [mng.GetResourceString](mng.md#mng.GetResourceString), [mng.SetResourceString](mng.md#mng.SetResourceString) and [mng.DeleteResourceString](mng.md#mng.DeleteResourceString) support input and output parameters in JSON format.
For JSON tags, case sensitivity is observed.
For the content of language abbreviations and keys, case sensitivity corresponds to the database setting.
Keys beginning with `OS`, `RichClient` or `WebClient` are reserved and must not be changed.
Own keys must be created in the `Project` area.
The JSON schema for all three methods:
```json
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"Keys": {
"type": "array",
"items": [{
"type": "object",
"properties": {
"Key": { "type": "string" },
"Lang": { "type": "string" },
"Values": {
"type": "array",
"items": [{
"type": "object",
"properties": {
"Lang": { "type": "string" },
"Value": { "type": "string" }
},
"required": ["Value"]
}]
}
},
"required": ["Key"]
}]
}
}
}
```
Example for [mng.SetResourceString](mng.md#mng.SetResourceString) (input) and [mng.GetResourceString](mng.md#mng.GetResourceString) (output):
```json
{
"Keys": [
{
"Key": "Project.key1.Workflow_3",
"Values": [
{ "Lang": "en_US", "Value": "Bill" },
{ "Lang": "de_DE", "Value": "Rechnung" }
]
}
]
}
```
Example for [mng.GetResourceString](mng.md#mng.GetResourceString) and [mng.DeleteResourceString](mng.md#mng.DeleteResourceString) (query parameters):
```json
{
"Keys": [
{ "Key": "Project.key1.Workflow_3", "Lang": "en_US" },
{ "Key": "Project.key2.*", "Lang": "de_DE" },
{ "Key": "Project.key3.*", "Lang": "*" }
]
}
```
* [mng.GetResourceString](mng.md#mng.GetResourceString)
* [mng.SetResourceString](mng.md#mng.SetResourceString)
* [mng.DeleteResourceString](mng.md#mng.DeleteResourceString)
## Undocumented Endpoints
The following jobs are offered by the enaio® server but are not currently described in this documentation:
Configuration::
`mng.CleanUpConfig`, `mng.CleanUpLog`, `mng.ConfigCom`, `mng.ConfigCrypto`, `mng.ConfigIndexServer`, `mng.ConfigPath`, `mng.ConfigServer`
Server management and redirection::
`mng.EnumServerGroups`, `mng.EnumServers`, `mng.GetServerFamilyInfo`, `mng.GetServersActivity`, `mng.StartRedirection`, `mng.StopRedirection`, `mng.ResumeRedirection`
System and object definition files::
`mng.GetSystemFile`, `mng.StoreSystemFile`, `mng.ExportObjectDefinition`
Security system::
`mng.ImportSecuritySystem`
Localization and roles::
`mng.AddLocalizationLanguage`, `mng.RemoveLocalizationLanguage`, `mng.GetUserCountForRoles`
## mng.AddUserGroupAsc
This job adds the specified users to a group.
Users and groups can be specified either by GUID or ID.
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Currently not supported — pass `0`. |
| `AdmInfo` | BASE64 | Yes | Group assignments in XML format (see below). |
### AdmInfo Structure
```xml
```
| Attribute | Type | Description |
|---|---|---|
| `[osuid]` | STRING | GUID of the user |
| `[osgid]` | STRING | GUID of the group |
| `[user_id]` | STRING | ID of the user |
| `[group_id]` | INT | ID of the group |
### Return Value
(INT): 0 = Job successful, otherwise error code.
### See Also
[mng.RemoveUserGroupAsc](mng.md#mng.RemoveUserGroupAsc)
## mng.CreateGroup
This job creates a new user group.
An entry is created in the DB table `gruppen`.
ID and `osguid` are generated by the job and returned in XML.
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Currently not supported — pass `0`. |
| `GroupInfo` | BASE64 | Yes | Properties of the group in XML format (see below). |
| `HasEncoding` | BOOL | Yes | `GroupInfo` contains encoding (e.g., UTF-8). |
### GroupInfo Structure
```xml
```
| Attribute | Type | Description |
|---|---|---|
| `id` | INT | ID of the group (set by the job) |
| `name` | STRING | Name of the group |
| `osguid` | STRING | GUID of the group (set by the job) |
| `profil` | INT | ID of the profile user assigned to the group |
| `description` | STRING | Description of the group |
### Output Parameters
| Name | Type | Dependency | Description |
|---|---|---|---|
| `GroupInfo` | BASE64 | — | Properties of the group in XML format — `id` and `osguid` are set. |
### Return Value
(INT): 0 = Job successful, otherwise error code.
## mng.CreateUser
This job creates a new user.
A new record is created in the DB table `benutzer`.
ID and `osguid` are generated by the job and returned in XML.
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Currently not supported — pass `0`. |
| `UserInfo` | BASE64 | Yes | Properties of the user in XML format (see below). |
| `HasEncoding` | BOOL | Yes | `UserInfo` contains encoding (e.g., UTF-8). |
| `[PlainPassword]` | BOOL | No | If present and `1`, the password is taken from the XML in plaintext and encrypted. If one-time passwords are not configured, this causes an error. |
### UserInfo Structure
```xml
```
| Attribute | Type | Description |
|---|---|---|
| `account_type` | INT | Login type: `0` = user login; `1` = application server; `2` = ANONYMOUS; `3` = application server (e.g., Java server) |
| `bemerkung` | STRING | Comment from user configuration |
| `benutzer` | STRING | Username |
| `loginName` | STRING | Login name |
| `flags` | INT | `0` = normal user; `1` = server or ANONYMOUS |
| `geaendert` | INT | `0` = profile not changed; `1` = profile was changed |
| `id` | INT | ID of the user (set by the job) |
| `langid` | INT | ID of the used language (empty = German) |
| `locked` | INT | `1` = user is locked, otherwise `0` |
| `logincount` | INT | Number of login attempts |
| `loginstation` | STRING | Name of the last login station |
| `logintime` | INT | Login timestamp |
| `name` | STRING | Full name of the user |
| `osemail` | STRING | User's email |
| `osguid` | STRING | GUID of the user (set by the job) |
| `passwort` | STRING | Encrypted password of the user |
| `profil` | INT | `-1` = no profile; `0` = user profile; `>0` = ID of assigned profile |
| `server_id` | INT | ID of the server |
| `station` | STRING | Name of the user's workstation |
| `supervisor` | INT | `-1` = supervisor, otherwise `0` |
| `validfrom` | INT | User account valid from (timestamp) |
| `validto` | INT | User account valid to (timestamp) |
### Output Parameters
| Name | Type | Dependency | Description |
|---|---|---|---|
| `UserInfo` | BASE64 | — | Properties of the user in XML format — `id` and `osguid` are set. |
### Return Value
(INT): 0 = Job successful, otherwise error code.
## mng.DeleteGroup
This job deletes a group from the DB table `gruppen`.
A group can only be deleted if no users are still assigned to it (DB table `bgrel`).
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Indicates through which parameter the group is identified: +
`0` = `sGroupGuid` +
`1` = `sGroupId` +
`2` = `sGroupName` |
| `[sGroupGuid]` | STRING | No | GUID of the group |
| `[sGroupId]` | STRING | No | ID of the group |
| `[sGroupName]` | STRING | No | Name of the group |
### Return Value
(INT): 0 = Job successful, otherwise error code.
### See Also
[mng.EmptyGroup](mng.md#mng.EmptyGroup)
## mng.DeleteResourceString
This job deletes self-created language resource keys from the resource storage table of the database.
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Currently not supported — pass `0`. |
| `[JSON]` | BASE64 | No | Delete multiple keys in JSON format (see <<_json_schema_language_resources>>). |
| `[Key]` | STRING | No | Key to delete. Example: `Project.key1.Workflow_3` +
Wildcards `*` and `?` are allowed. |
| `[Language]` | STRING | No | Language code. Example: `de_DE` +
Wildcards `*` and `?` are allowed. |
> **Note:** `JSON` and `Key`/`Language` can be used independently. +
`Key` and `Language` are trimmed (leading and trailing spaces removed).
### Return Value
None.
## mng.DeleteUser
This job deletes a user from the DB table `benutzer`.
Group assignments (`bgrel`), system roles (`ossysroles`), subscriptions (`osabonnement`), and personal settings (`osconf`) of the user are also deleted.
Optionally, folders and mailbox content can be forwarded to another user.
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Indicates through which parameter the user is identified: +
`0` = `sUser` / `sTarget` +
`1` = `sUserGuid` / `sTargetGuid` +
`2` = `sUserId` / `sTargetId` |
| `InheritanceFlags` | INT | Yes | Indicates whether folders and mailbox content are forwarded: +
`0` = folders and mails are deleted +
`1` = folders are forwarded +
`2` = mails are forwarded +
`3` = folders and mails are forwarded |
| `[sUser]` | STRING | No | Username |
| `[sUserGuid]` | STRING | No | GUID of the user |
| `[sUserId]` | STRING | No | ID of the user |
| `[sTarget]` | STRING | No | Recipient username (receives folders/mails) |
| `[sTargetGuid]` | STRING | No | GUID of the recipient (receives folders/mails) |
| `[sTargetId]` | STRING | No | ID of the recipient (receives folders/mails) |
### Return Value
(INT): 0 = Job successful, otherwise error code.
## mng.EmptyGroup
This job empties a group.
All user assignments are deleted from the DB table `bgrel`.
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Indicates through which parameter the group is identified: +
`0` = `sGroupGuid` +
`1` = `sGroupId` +
`2` = `sGroupName` |
| `[sGroupGuid]` | STRING | No | GUID of the group |
| `[sGroupId]` | STRING | No | ID of the group |
| `[sGroupName]` | STRING | No | Name of the group |
### Return Value
(INT): 0 = Job successful, otherwise error code.
## mng.ExportSecuritySystem
This job exports the security system clauses defined at the group level for a selection of user groups or for all groups. For each group × cabinet × object type, one entry is returned with the configured main rights, annotation rights and the optionally configured clauses.
The security system has two mechanisms: clauses at the group level (this job) and ACL rules at the object level (see [dms.ReadSD](dms.md#dms.ReadSD)).
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Reserved. Always pass `0`. |
| `GroupIDs` | STRING | Yes | Comma-separated list of numeric group IDs (see the `id` field returned by [mng.GetGroupList](mng.md#mng.GetGroupList)). An empty string exports all groups. |
### Output Parameters
| Name | Type | Dependency | Description |
|---|---|---|---|
| `FileCount` | INT | — | Always `1` |
### Output Files
| Name | Description |
|---|---|
| `File list` | Path and name of the UTF-8 encoded XML export file. The filename follows the pattern `ecmind_.xml`. |
### XML Structure
```xml
…
…
```
`` contains exactly two child elements: the list of clause entries `` and the list of groups included in the export ``.
#### `` Attributes
| Attribute | Type | Description |
|---|---|---|
| `groupid` | INT | Numeric ID of the group. |
| `groupname` | STRING | Name of the group. |
| `cabinetid` | INT | Numeric ID of the cabinet. |
| `cabinetname` | STRING | Display name of the cabinet. |
| `objecttypeid` | INT | Numeric ID of the object type (cabinet folder, folder, register, subregister or document). Structure and computation: Object Type ID. |
| `objecttypename` | STRING | Display name of the object type. |
| `rights` | INT | Bitfield of the configured main rights — see <>. |
| `annotations` | INT | Bitfield of the configured annotation rights — see <>. |
| `delete_clause` | STRING | Clause for the **D** right (delete object). |
| `write_clause` | STRING | Clause for the **W** right (write index data). |
| `obread_clause` | STRING | Clause for the **X** right (output object). |
| `obwrite_clause` | STRING | Clause for the **U** right (write object). |
| `hlp_clause` | STRING | Clause for the **R** right (display index data). The historical name "auxiliary right" stems from older enaio® versions, where displaying index data was modelled as the prerequisite right for all further actions. |
| `str_clause` | STRING | Legacy attribute without an actively used right; always empty in the export and can be ignored. |
All clause attributes are optional. If no clause is configured, the server returns an empty string. Clauses exist only for the five main rights; the annotation rights (G, P) are pure bitmask markers without an associated clause.
#### `` Attributes
| Attribute | Type | Description |
|---|---|---|
| `groupid` | INT | Numeric ID of the group. |
| `groupname` | STRING | Name of the group. |
### Rights Bitfields
#### `rights` — the five main rights
Every group × object type combination can carry five rights, encoded as a bitfield in `rights`:
| Bit | Value | Right | Description |
|---|---|---|---|
| 0 | `0x01 (1)` | **X** | Output object (open, print, export). |
| 1 | `0x02 (2)` | **D** | Delete object. |
| 2 | `0x04 (4)` | **W** | Write index data. |
| 3 | `0x08 (8)` | **R** | Display index data. |
| 4 | `0x10 (16)` | **U** | Write object (create / modify). |
`0x1F (31)` = R+W+D+X+U (all five rights set).
##### Dependency Rules
When setting multiple rights, the following prerequisites apply on the server side:
* **R** is a prerequisite for every other right. Without R, W, D, X, U have no functional effect.
* **U** additionally requires **X**.
#### `annotations` — the two annotation rights
| Bit | Value | Right | Description |
|---|---|---|---|
| 0 | `0x01 (1)` | **G** | View / edit annotations. |
| 1 | `0x02 (2)` | **P** | PDF / print annotations. |
`0x03 (3)` = G+P. Annotation rights are pure bitmask markers and carry no clauses.
#### Mapping Clause Attribute → Right
| Attribute | Right | Meaning |
|---|---|---|
| `delete_clause` | **D** | Delete object |
| `write_clause` | **W** | Write index data |
| `obread_clause` | **X** | Output object |
| `obwrite_clause` | **U** | Write object |
| `hlp_clause` | **R** | Display index data (historical "auxiliary right") |
| `str_clause` | — | Legacy, always empty, ignore |
### Clause Language
The strings in the `*_clause` attributes are the raw clauses, that is, exactly what the enaio® server evaluator reads. They differ from the editor UI form.
#### Syntax Version Prefix `#BCCF#`
Every clause begins with the `#BCCF#` prefix. It indicates the clause language version in which the following expression is to be read. No other prefixes are defined in the current API version.
#### Field References
| Notation | Meaning |
|---|---|
| `[[dbcolumn]]` | Direct access to a database column of the current object (typical enaio® columns: `feldN`, `zahlN`, `realN`, `datumN`). |
| `dbcolumn` (without brackets) | Also accepted — the parser recognises the bare column form. |
| `sys''` | Base parameter fields (e.g., `sys'modifyuser'`, `sys'created'`). Referenced without `[[…]]` notation. |
DB column naming scheme:
| Column | Data Type | Example Field Type |
|---|---|---|
| `feldN` | STRING | Text field, selection list, catalog entry |
| `zahlN` | INT / BOOLEAN / TIME | Number, checkbox, radio button, time, date / time stamp |
| `realN` | DOUBLE | Decimal number |
| `datumN` | DATE | Date field |
In the editor the user sees the form `[Display Name]` or `[InternalName]`; the export delivers the underlying DB column names. Resolution of `cabinetid`, `objecttypeid` and DB columns to the internal field name or display name is performed via the object definition from [dms.GetObjDef](dms.md#dms.GetObjDef). Base parameters such as `sys'modifyuser'` or `sys'created'` are not part of the per-object-type field list and must be recognised separately as a fixed list of documented base parameters.
#### Function `folder( )`
`folder(...)` shifts the evaluation context: the bracketed sub-expression is evaluated against the **enclosing folder** of the current object. This allows a clause on a document or register to check conditions on the parent folder.
Consequence: folder object types (cabinet folder, folder) cannot themselves contain `folder(...)` — they have no enclosing folder. Such clauses make sense only on register, subregister and document object types.
#### Operators
`=`, `!=`, `>`, `<`, `>=`, `<=`, `in`, `not in`, `between`, `not between`, `and`, `or`.
#### Runtime Variables
| Variable | Meaning |
|---|---|
| `#DATE#` | Today's date |
| `#DATETIME#` | Current point in time |
| `#TIME#` | Current time |
| `#USER#` | Logged-in user |
| `#GROUPS#` | Groups of the logged-in user |
| `#RIGHTGROUP#` | Active rights group |
| `#COMPUTERNAME#` | Name of the client computer |
| `#COMPUTERGUID#` | GUID of the client computer |
| `#COMPUTERIP#` | IP address of the client computer |
### Examples
#### Complete Marker Configuration on a Register Type
A clause of the form `[[feld1]] = ''` for each main right shows the mapping "clause attribute → right" exemplarily:
```xml
```
#### Cabinet-Wide Visibility Rule via System Field
```xml
```
The entry defines the R clause on the cabinet folder: only objects whose modifier is `SAMPLEUSER` are readable for the `Caseworker` group.
#### Parent Folder Condition on a Document
```xml
```
`rights="11"` = R+D+X set; `annotations="2"` = only P. The D clause checks a column on the parent folder, the R clause combines three conditions on the document itself.
### Return Value
`(INT)`: `0` = Job successful, otherwise error code.
### See Also
* [mng.GetGroupList](mng.md#mng.GetGroupList) — provides the numeric IDs for `GroupIDs`
* [mng.GetGroupAttributes](mng.md#mng.GetGroupAttributes) — detailed attributes of a group
* [dms.GetObjDef](dms.md#dms.GetObjDef) — resolution of `cabinetid`, `objecttypeid` and DB columns
* [dms.ReadSD](dms.md#dms.ReadSD) — ACL mechanism of the security system at the object level
## mng.GetGroupAttributes
This job delivers the properties of the specified group.
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Currently not supported — pass `0`. |
| `OutputUnicode` | INT | Yes | Must be passed as `1`. |
| `Group` | STRING | Yes | Name of the group |
### Output Parameters
| Name | Type | Dependency | Description |
|---|---|---|---|
| `utfXmlInfo` | BASE64 | — | Properties of the group in XML format (see below). |
### Structure of utfXmlInfo
```xml
```
| Attribute | Type | Description |
|---|---|---|
| `id` | INT | ID of the group |
| `name` | STRING | Name of the group |
| `osguid` | STRING | GUID of the group |
| `profil` | INT | ID of the profile user assigned to the group |
| `description` | STRING | Description of the group |
### Return Value
(INT): 0 = Job successful, otherwise error code.
### See Also
[mng.GetGroupList](mng.md#mng.GetGroupList), [mng.SetGroupAttributes](mng.md#mng.SetGroupAttributes)
## mng.GetGroupList
This job delivers a list of all groups.
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Currently not supported — pass `0`. |
| `OutputUnicode` | INT | Yes | Must be passed as `1`. |
### Output Parameters
| Name | Type | Dependency | Description |
|---|---|---|---|
| `utfGroupList` | BASE64 | — | List of all defined groups in XML format (see below). |
### Structure of utfGroupList
```xml
```
| Attribute | Type | Description |
|---|---|---|
| `id` | INT | ID of the group |
| `name` | STRING | Name of the group |
| `osguid` | STRING | GUID of the group |
| `profil` | INT | ID of the profile user assigned to the group |
| `description` | STRING | Description of the group |
### Return Value
(INT): 0 = Job successful, otherwise error code.
### See Also
[mng.GetGroupAttributes](mng.md#mng.GetGroupAttributes), [mng.GetGroupMembers](mng.md#mng.GetGroupMembers)
## mng.GetGroupMembers
This job delivers a list of all members of the specified group.
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Indicates through which parameter the group is searched: +
`0` = `GroupName` +
`1` = `GroupGUID` +
`2` = `GroupID` |
| `OutputUnicode` | INT | Yes | Must be passed as `1`. |
| `GroupName` | STRING | Yes | Name of the group |
| `GroupGUID` | STRING | Yes | GUID of the group |
| `GroupID` | INT | Yes | ID of the group |
### Output Parameters
| Name | Type | Dependency | Description |
|---|---|---|---|
| `utfUserList` | BASE64 | — | List of all group members in XML format (see below). |
### Structure of utfUserList
```xml
```
| Attribute | Type | Description |
|---|---|---|
| `benutzer` | STRING | Username |
| `loginName` | STRING | Login name |
| `id` | INT | ID of the user |
| `name` | STRING | Full name of the user |
| `osguid` | STRING | GUID of the user |
### Return Value
(INT): 0 = Job successful, otherwise error code.
## mng.GetResourceString
This job delivers language resource keys with the assigned values for languages from the resource storage table of the database.
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Currently not supported — pass `0`. |
| `[JSON]` | BASE64 | No | Request multiple keys or languages in JSON format (see <<_json_schema_language_resources>>). |
| `[Key]` | STRING | No | Requested key. Example: `Project.key1.Workflow_3` +
Wildcards `*` and `?` are allowed. |
| `[Language]` | STRING | No | Language code. Example: `de_DE` +
Wildcards `*` and `?` are allowed. |
> **Note:** `JSON` and `Key`/`Language` can be used independently. +
`Key` and `Language` are trimmed (leading and trailing spaces removed).
### Output Parameters
| Name | Type | Dependency | Description |
|---|---|---|---|
| `[JSON]` | BASE64 | Optional | Result in JSON format (when JSON request) |
| `[Key]` | STRING | Optional | Found key — only when `Key`/`Language` request returns exactly one result |
| `[Language]` | STRING | Optional | Found language code — only when `Key`/`Language` request returns exactly one result |
| `[Value]` | STRING | Optional | Found value — only when `Key`/`Language` request returns exactly one result |
### Return Value
(INT): 0 = Job successful, otherwise error code.
## mng.GetUserAttributes
This job delivers the properties of the specified user.
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Currently not supported — pass `0`. |
| `OutputUnicode` | INT | Yes | Must be passed as `1`. |
| `User` | STRING | Yes | Username (DB field `benutzer.benutzer`) |
### Output Parameters
| Name | Type | Dependency | Description |
|---|---|---|---|
| `utfXmlInfo` | BASE64 | — | User information in XML format (see below). |
### Structure of utfXmlInfo
```xml
```
| Attribute | Type | Description |
|---|---|---|
| `account_type` | INT | Login type: `0` = user login; `1` = application server; `2` = ANONYMOUS; `3` = application server (e.g., Java server) |
| `bemerkung` | STRING | Comment from user configuration |
| `benutzer` | STRING | Username |
| `changepwd` | INT | `1` = user must change password on next login, otherwise `0` |
| `loginname` | STRING | Login name |
| `flags` | INT | `0` = normal user; `1` = server or ANONYMOUS |
| `geaendert` | INT | `0` = profile not changed; `1` = profile was changed |
| `id` | INT | ID of the user |
| `langid` | INT | ID of the language of the object definition (empty = German) |
| `locked` | INT | `1` = user is locked, otherwise `0` |
| `logincount` | INT | Number of login attempts |
| `loginstation` | STRING | Name of the last login station |
| `logintime` | INT | Login timestamp |
| `mfauthflag` | INT | Multi-factor authentication flag |
| `name` | STRING | Full name of the user |
| `osemail` | STRING | User's email |
| `osguid` | STRING | GUID of the user |
| `passwort` | STRING | Encrypted password of the user |
| `never_expire` | INT | `1` = password never expires, otherwise `0` |
| `profil` | INT | `-1` = no profile; `0` = user profile; `>0` = ID of assigned profile |
| `pwd_changed` | INT | Timestamp of the last password change (Unix timestamp); `0` = password has never been changed |
| `server_id` | INT | ID of the server |
| `station` | STRING | Name of the user's workstation |
| `supervisor` | INT | `-1` = supervisor, otherwise `0` |
| `validfrom` | STRING | User account valid from. Format: `YYYY/MM/DD HH:MM:SS`. Empty = no restriction. |
| `validto` | STRING | User account valid to. Format: `YYYY/MM/DD HH:MM:SS`. Empty = no restriction. |
### Return Value
(INT): 0 = Job successful, otherwise error code.
### See Also
[mng.SetUserAttributes](mng.md#mng.SetUserAttributes)
## mng.GetUserGroups
This job delivers a list of all groups in which the specified user is located.
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Currently not supported — pass `0`. |
| `OutputUnicode` | INT | Yes | Must be passed as `1`. |
| `UserGUID` | STRING | Yes | GUID of the user |
### Output Parameters
| Name | Type | Dependency | Description |
|---|---|---|---|
| `utfGroupList` | BASE64 | — | List of all groups in which the user is located, in XML format (see below). |
### Structure of utfGroupList
```xml
```
| Attribute | Type | Description |
|---|---|---|
| `id` | INT | ID of the group |
| `name` | STRING | Name of the group |
| `osguid` | STRING | GUID of the group |
| `profil` | INT | ID of the profile user assigned to the group |
| `description` | STRING | Description of the group |
### Return Value
(INT): 0 = Job successful, otherwise error code.
## mng.GetUserList
This job delivers a list of all users, optionally with group membership.
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Currently not supported — pass `0`. |
| `OutputUnicode` | INT | Yes | Must be passed as `1`. |
| `[ExtendedInfo]` | BOOL | No | `true` = return user list with group membership. |
### Output Parameters
| Name | Type | Dependency | Description |
|---|---|---|---|
| `utfUserList` | BASE64 | — | List of all users in XML format (see below). |
### Structure of utfUserList
```xml
```
| Attribute | Type | Description |
|---|---|---|
| `benutzer` | STRING | Username |
| `loginName` | STRING | Login name |
| `id` | INT | ID of the user |
| `name` | STRING | Full name of the user |
| `osguid` | STRING | GUID of the user |
| `profil` | INT | `-1` = no profile; `0` = user profile; `>0` = ID of assigned profile |
| `bemerkung` | STRING | Comment from user configuration |
| `validfrom` | STRING | User account valid from. Format: `YYYY/MM/DD HH:MM:SS`. Empty = no restriction. |
| `validto` | STRING | User account valid to. Format: `YYYY/MM/DD HH:MM:SS`. Empty = no restriction. |
| `Group/@name` | STRING | Group name (only when `ExtendedInfo=1`) |
### Return Value
(INT): 0 = Job successful, otherwise error code.
### See Also
[mng.GetUserAttributes](mng.md#mng.GetUserAttributes)
## mng.GetUserProfile
This job passes the profile for a user to the client.
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Controls the return of timestamps: +
`HIWORD(Flags) = 1` = `LowDateTime` and `HighDateTime` are returned +
`HIWORD(Flags) = 2` = only `LowDateTime` is returned |
| `UserProfile` | STRING | Yes | Name of the user profile |
### Output Parameters
| Name | Type | Dependency | Description |
|---|---|---|---|
| `FileCount` | INT | — | Always `1` |
| `[LowDateTime]` | INT | Optional | Timestamp of the user profile in LowDateTime format |
| `[HighDateTime]` | INT | Optional | Timestamp of the user profile in HighDateTime format |
### Output Files
| Name | Description |
|---|---|
| File list | Filename with the complete path to the profile file |
### Return Value
(INT): 0 = Job successful, otherwise error code.
### See Also
[mng.StoreUserProfile](mng.md#mng.StoreUserProfile)
## mng.GetUserRoles
This job lists the system roles for the logged-in user or a specified user.
Without specifying a user, the system roles of the logged-in user are listed. If a
user is specified, the [system role](mng.md) `Administrator: Configure security system` is required.
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Currently not supported -> pass 0 |
| `UserGUID` | STRING | Yes | GUID of the user |
| `[UserId]` | STRING | No | ID of the user; currently has no effect and is ignored by the server |
### Output Parameters
| Name | Type | Dependency | Description |
|---|---|---|---|
| `Result` | String | — | List of system role IDs, separated by semicolon. See [System Roles](mng.md). |
### Return Value
`(INT)`: `0` = Job successful, otherwise error code +
## mng.RemoveUserGroupAsc
This job deletes a user-to-group assignment (DB table `bgrel`).
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Indicates which parameter is used: +
`0` = `AdmInfo` +
`1` = `UserGUID` |
| `[AdmInfo]` | BASE64 | No | Group assignments to be deleted in XML format (see below). |
| `[UserGUID]` | STRING | No | GUID of the user — the user is removed from all groups. |
### AdmInfo Structure
```xml
```
| Attribute | Type | Description |
|---|---|---|
| `[osuid]` | STRING | GUID of the user |
| `[osgid]` | STRING | GUID of the group |
| `[user_id]` | STRING | ID of the user |
| `[group_id]` | INT | ID of the group |
### Return Value
(INT): 0 = Job successful, otherwise error code.
### See Also
[mng.AddUserGroupAsc](mng.md#mng.AddUserGroupAsc)
## mng.SetGroupAttributes
This job sets the properties of a group.
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Currently not supported — pass `0`. |
| `GroupInfo` | BASE64 | Yes | Properties of the group in XML format (see below). |
| `HasEncoding` | BOOL | Yes | `GroupInfo` contains encoding (e.g., UTF-8). |
### GroupInfo Structure
```xml
```
| Attribute | Type | Description |
|---|---|---|
| `id` | INT | ID of the group |
| `name` | STRING | Name of the group |
| `osguid` | STRING | GUID of the group |
| `profil` | INT | ID of the profile user assigned to the group |
| `description` | STRING | Description of the group |
### Return Value
(INT): 0 = Job successful, otherwise error code.
### See Also
[mng.GetGroupAttributes](mng.md#mng.GetGroupAttributes)
## mng.SetResourceString
This job writes language resource keys with the assigned values for languages to the resource storage table of the database.
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Currently not supported — pass `0`. |
| `[JSON]` | BASE64 | No | Write multiple keys, languages and values in JSON format (see <<_json_schema_language_resources>>). |
| `[Key]` | STRING | No | Key to be inserted. Example: `Project.key1.Workflow_3` +
No wildcards allowed. |
| `[Language]` | STRING | No | Language code for the entry. Example: `de_DE` +
No wildcards allowed. |
| `[Value]` | STRING | No | Language-specific value for the key. Example: `Please specify the recipient.` +
Trailing spaces are trimmed. |
> **Note:** `JSON` and `Key`/`Language`/`Value` can be used independently. +
`Key` and `Language` are completely trimmed (leading and trailing spaces removed).
### Return Value
None.
## mng.SetUserAttributes
This job sets the properties of a user.
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Currently not supported — pass `0`. |
| `UserInfo` | BASE64 | Yes | Properties in XML format (see below). |
| `HasEncoding` | BOOL | Yes | `UserInfo` contains encoding (e.g., UTF-8). |
### UserInfo Structure
```xml
```
| Attribute | Type | Description |
|---|---|---|
| `account_type` | INT | Login type: `0` = user login; `1` = application server; `2` = ANONYMOUS; `3` = application server (e.g., Java server) |
| `bemerkung` | STRING | Comment from user configuration |
| `benutzer` | STRING | Username |
| `loginName` | STRING | Login name |
| `flags` | INT | `0` = normal user; `1` = server or ANONYMOUS |
| `geaendert` | INT | `0` = profile not changed; `1` = profile was changed |
| `id` | INT | ID of the user |
| `langid` | INT | ID of the used language (empty = German) |
| `locked` | INT | `1` = user is locked, otherwise `0` |
| `logincount` | INT | Number of login attempts |
| `loginstation` | STRING | Name of the last login station |
| `logintime` | INT | Login timestamp |
| `name` | STRING | Full name of the user |
| `osemail` | STRING | User's email |
| `osguid` | STRING | GUID of the user |
| `passwort` | STRING | Encrypted password of the user |
| `profil` | INT | `-1` = no profile; `0` = user profile; `>0` = ID of assigned profile |
| `server_id` | INT | ID of the server |
| `station` | STRING | Name of the user's workstation |
| `supervisor` | INT | `-1` = supervisor, otherwise `0` |
| `validfrom` | INT | User account valid from (timestamp) |
| `validto` | INT | User account valid to (timestamp) |
### Return Value
(INT): 0 = Job successful, otherwise error code.
### See Also
[mng.GetUserList](mng.md#mng.GetUserList), [mng.GetUserAttributes](mng.md#mng.GetUserAttributes)
## mng.StoreUserProfile
This job saves the user profile received from the client and writes a history file (same name with extension `.bac`).
The passed profile file is deleted on the client.
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Controls the timestamp format: +
`HIWORD(Flags) = 2` = save timestamp only in LowDateTime format; +
otherwise use LowDateTime and HighDateTime format. |
| `UserProfile` | STRING | Yes | Name under which the file should be saved. |
| `LowDateTime` | INT | Yes | Timestamp in LowDateTime format |
| `HighDateTime` | INT | Yes | Timestamp in HighDateTime format |
### Input Files
| Name | Description |
|---|---|
| File list | Name and path of the profile file |
### Return Value
(INT): 0 = Job successful, otherwise error code.
### See Also
[mng.GetUserProfile](mng.md#mng.GetUserProfile)
## mng.UpdateSecuritySystem
This job reloads the server-side persisted security clauses so that changes made via external tools in the editor or directly in the database become active without a server restart.
====
This job is not listed in the official enaio® MNG engine overview. This description was reconstructed from the call code of the `enaio-jobs-custom` template.
====
### Input Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `Flags` | INT | Yes | Reserved; always pass `0`. |
### Return Value
`(INT)`: `0` = job successful, otherwise error code.
### See Also
* [mng.ExportSecuritySystem](mng.md#mng.ExportSecuritySystem) — exports the currently active security clauses