RestrictAdminAccess: Boolean;
RestrictAdminAccess: System.Boolean;
The RestrictAdminAccess property determines, whether the users having the privilege as the application administrator (creating, deleting users), ability to open the repository objects.
By default this property is set to False. If the value is True, user's privileges "Right to read and open all objects" are ignored, and if the user tries to open a repository object the message says that there are not enough rights to do the operation.
This property is relevant to use if distributing administrators roles is used.
To execute the example, add a link to the Metabase system assembly.
Sub UserProc;
Var
MB: IMetabase;
MS: IMetabaseSecurity;
Isa: IMetabaseUser;
Policy: IMetabasePolicy;
Begin
MB := MetabaseClass.Active;
MS := MB.Security;
Isa := MS.ResolveName(MB.Id + "_ISA") As IMetabaseUser;
Policy := MS.Policy;
If Policy.IsaPresent Then
Policy.RestrictAdminAccess := True;
End If;
MS.Apply;
End Sub UserProc;
If the mode of delimiting the roles of administrators is used then the users having privileges as the application administrator (creating, deleting users) cannot open the repository objects.
The specified procedure is an entry point for the .NET assembly.
Public Shared Sub Main(Params: StartParams);
Var
MB: IMetabase;
MS: IMetabaseSecurity;
Isa: IMetabaseUser;
Policy: IMetabasePolicy;
Begin
MB := Params.Metabase;
MS := MB.Security;
Isa := MS.ResolveName(MB.Id + "_ISA") As IMetabaseUser;
Policy := MS.Policy;
If Policy.IsaPresent Then
Policy.RestrictAdminAccess := True;
End If;
MS.Apply();
End Sub;
If the mode of delimiting the roles of administrators is used then the users having privileges as the application administrator (creating, deleting users) cannot open the repository objects.
See also: