Dean, it would be simpler to see the each permission at the Permission group level e.g Records Manager, Knowledge Worker etc and find users with such Permission group. User permissions are onheroted from these permission groups. In TRIM and RM 8.01 you could create custom groups etc but from RM8.2 these are more of configuration (due to license structure change based on Permission group based license. I personally dislike that model but hey who am I to tell HPE how painful, frustating amd confusing it is to calculate user types).
For these permission group there is a table TS Usage and these permission groups are 1 as Enquiry User , 2 End User and so on. Once I login to the system this morning will email you the exact query.
Here you , hope this help. This script will show you the Permission type give to each user. (All Locations based on assigned profile)
-- User Permission Types SELECT LOCLOG.llLogsInAs as LoginID ,LOCPER.lpSurname as SurName ,LOCPER.lpGivenName as GivenName , CASE WHEN LOCUSE.luUserType = 0 THEN 'TRIM Administrator' WHEN LOCUSE.luUserType = 1 THEN 'Record Officer' WHEN LOCUSE.luUserType = 2 THEN 'Super User' WHEN LOCUSE.luUserType = 3 THEN 'Knowledge Worker' WHEN LOCUSE.luUserType = 4 THEN 'Contributor' ELSE 'Enquire User' END as UserPermission FROM TSLOCLOGIN as LOCLOG , TSLOCPERSO as LOCPER , TSLOCUSAGE as LOCUSE where LOCPER.lpLocUri = LOCLOG.llLocUri and LOCLOG.llLocUri = LOCUSE.luLocUri
.... I personally dislike that model but hey who am I to tell HPE how painful, frustating amd confusing it is to calculate user .
I agree its it difficult to work out exactly who holds what permissions with the change, as each category has some permissions you can remove but the user is still in that category. I work it out exactly with an SDK script that checks the location objects with the HasPermission(UserPermission.xxxxxxx). I set a search sting of Active user of type person that have a network login to filter it down before checking their permissions)