IMetabasePolicy.ESKMode

Fore Syntax

ESKMode: Boolean;

Fore.NET Syntax

ESKMode: Boolean;

Description

The ESKMode property determines whether it is possible to use compatibility mode to work with domain groups in Oracle DBMS.

Comments

The property is relevant only on working in repository based on Oracle DBMS. By default the property is set to False and it is possible to add only users in security manager from domain. On setting to True, compatibility mode will be on that enables to add domain groups and to set up access permissions for it in a particular way. More detailed information about permission distribution is presented in theDomain Authorization on Working With Oracle Server Subsection. Necessary requirement to enable compatibility mode is to enable role distribution between information security administrator and application administrator and to use method of access restriction by levels.

Fore Example

Sub UserProc;
Var
    MB: IMetabase;
    Security: IMetabaseSecurity;
    Police: IMetabasePolicy;
    MandatoryAccess: IMetabaseMandatoryAccess;
    Category: ISecurityCategory;
Begin
    MB := MetabaseClass.Active;
    Security := MB.Security;
    Police := Security.Policy;
    //Compatibility mode
    Police.ESKMode := True;
    //Enable mode of role distribution between information security administrator and application administrator
    Police.PromoteToIsaMode(Security.ResolveName(MB.Id + "_ISA") As IMetabaseUser);
    MandatoryAccess := Police.MandatoryAccess;
    //Access by levels
    MandatoryAccess.IsSimple := True;
    Category := MandatoryAccess.Category(0);
    Category.AddLevel(1, "Guest");
    Category.AddLevel(2, "AllAccess");
    //Security policy application
    Security.Apply;
End Sub UserProc;

On executing the example the following changes in security policy of current repository will be applied:

• Mode of role distribution between information security administrator and application administrator will be enabled.

• Compatibility mode required to work with domain groups will be enabled.

• Mode of access by levels will be enabled and two security levels will be created.

Fore.NET Example

The requirements and result of the Fore.NET example execution match with those in the Fore example.

Imports Prognoz.Platform.Interop.Metabase;

Public Shared Sub Main(Params: StartParams);
Var
    MB: IMetabase;
    Security: IMetabaseSecurity;
    Police: IMetabasePolicy;
    MandatoryAccess: IMetabaseMandatoryAccess;
    Category: ISecurityCategory;
Begin
    MB := Params.Metabase;
    Security := MB.Security;
    Police := Security.Policy;
    //Compatibility mode
    Police.ESKMode := True;
    //Enable mode of role distribution between information security administrator and application administrator
    Police.PromoteToIsaMode((Security.ResolveName(MB.Id + "_ISA") As IMetabaseUser), IsaModePromoteOptions.ismopropNone);
    MandatoryAccess := Police.MandatoryAccess;
    //Access by levels
    MandatoryAccess.IsSimple := True;
    Category := MandatoryAccess.Category[0];
    Category.AddLevel(1, "Guest");
    Category.AddLevel(2, "AllAccess");
    //Security policy application
    Security.Apply();
End Sub;

See also:

IMetabasePolicy