IMetabasePolicy.AllowCreateUserGrant

Fore Syntax

AllowCreateUserGrant: Boolean;

Fore.NET Syntax

AllowCreateUserGrant: System.Boolean;

Description

The AllowCreateUserGrant property enables creating two roles while maintaining the security policy:

Comments

By default this property is deselected. It becomes available when the roles of application administrator and information security administrator (ISA) are separated.

The information security administrator is included in the created roles. Only the administrator can change the property value. If AllowCreateUserGrant is set to False, the roles are deleted.

When a user is updated, the user is either added to the role or removed from it, depending on the user's privileges.

The property is available only for repositories created on the basis of Oracle DBMS.

Fore Example

The example must be executed in a repository created on the basis of Oracle DBMS.

Sub UserProc;
Var
    MB: IMetabase;
    MS: IMetabaseSecurity;
    Isa: IMetabaseUser;
    Policy: IMetabasePolicy;
Begin
    MB := MetabaseClass.Active;
    MS := MB.Security;
    Isa := MS.ResolveName(MB.Id + "_ISA") As IMetabaseUser;
    Policy := MS.Policy;
    //Enable role distribution between ISA and application administrator
    Policy.PromoteToIsaMode(Isa, IsaModePromoteOptions.RestrictAdminAccess Or IsaModePromoteOptions.RestrictIsaAccess);
    //Create two roles
    Policy.AllowCreateUserGrant := True;
    MS.Apply;
End Sub UserProc;

Executing the example activates the mode of role distribution between the ISA and the application administrator. Two roles are created for the ISA, which are used for user administration.

Fore.NET Example

The requirements and result of executing the Fore.NET example match those of the Fore example.

Imports Prognoz.Platform.Interop.Metabase;

Public Shared Sub Main(Params: StartParams);
Var
    MB: IMetabase;
    MS: IMetabaseSecurity;
    Isa: IMetabaseUser;
    Policy: IMetabasePolicy;
Begin
    MB := Params.Metabase;
    MS := MB.Security;
    Isa := MS.ResolveName(MB.Id + "_ISA") As IMetabaseUser;
    Policy := MS.Policy;
    //Enable role distribution between ISA and application administrator
    Policy.PromoteToIsaMode(Isa, IsaModePromoteOptions.ismopropRestrictAdminAccess Or IsaModePromoteOptions.ismopropRestrictIsaAccess);
    //Create two roles
    Policy.AllowCreateUserGrant := True;
    MS.Apply();
End Sub;

See also:

IMetabasePolicy