PromoteToIsaMode(Isa: IMetabaseUser; [Options: IsaModePromoteOptions=0]);
PromoteToIsaMode (Isa: Prognoz.Platform.Interop.Metabase.IMetabaseUser; Options: Prognoz.Platform.Interop.Metabase.IsaModePromoteOptions);
Isa. The user who will be Information Security Administrator (ISA). It is necessary to transmit the user with the account *_ISA (where * - SCHEME NAME) as a value.
Options. Determines parameters of activation of distributing roles between ISA and application administrator(AA). By default after activation ISA does not have rights to update users.
The PromoteToIsaMode method activates a mode of distributing roles between information security administrator and application administrator.
To execute the example, add a link to the Metabase system assembly. In a security manager the user with the account *_ISA (where * - SCEME NAME) must be created, a mode of distributing roles between administrators is not used.
Sub UserProc;
Var
MB: IMetabase;
MS: IMetabaseSecurity;
Isa: IMetabaseUser;
Policy: IMetabasePolicy;
Begin
MB := MetabaseClass.Active;
MS := MB.Security;
Isa := MS.ResolveName(MB.Id + "_ISA") As IMetabaseUser;
Policy := MS.Policy;
Policy.PromoteToIsaMode(Isa, IsaModePromoteOptions.RestrictAdminAccess Or IsaModePromoteOptions.RestrictIsaAccess);
MS.Apply;
End Sub UserProc;
After executing this example a mode of distributing roles between ISA and AA is activated. Users who have privileges as ISA and AA cannot open repository objects, the message appears that there are not enough rights to do the operation.
In a security manager the user with the account *_ISA (where * - SCEME NAME) must be created, a mode of distributing roles between administrators is not used. The specified procedure is an entry point for the .NET assembly.
Public Shared Sub Main(Params: StartParams);
Var
MB: IMetabase;
MS: IMetabaseSecurity;
Isa: IMetabaseUser;
Policy: IMetabasePolicy;
Begin
MB := Params.Metabase;
MS := MB.Security;
Isa := MS.ResolveName(MB.Id + "_ISA") As IMetabaseUser;
Policy := MS.Policy;
Policy.PromoteToIsaMode(Isa, IsaModePromoteOptions.ismopropRestrictAdminAccess Or IsaModePromoteOptions.ismopropRestrictIsaAccess);
MS.Apply();
End Sub;
After executing this example a mode of distributing roles between ISA and AA is activated. Users who have privileges as ISA and AA cannot open repository objects, the message appears that there are not enough rights to do the operation.
See also: