RestrictIsaAccess: Boolean;
RestrictIsaAccess: System.Boolean;
The RestrictIsaAccess property determines whether users who have a privilege as ISA (Change security mode and a list of access control of any object) have a possibility to open repository objects.
By default this property is set to False. If the value is True, user's privileges "Right to read and open all objects" are ignored, and if the user tries to open a repository object the message says that there are not enough rights to do the operation.
To execute the example, add a link to the Metabase system assembly.
Sub UserProc;
Var
MB: IMetabase;
MS: IMetabaseSecurity;
Isa: IMetabaseUser;
Policy: IMetabasePolicy;
Begin
MB := MetabaseClass.Active;
MS := MB.Security;
Isa := MS.ResolveName(MB.Id + "_ISA") As IMetabaseUser;
Policy := MS.Policy;
Policy.RestrictIsaAccess := True;
Policy.PromoteToIsaMode(Isa);
MS.Apply;
End Sub UserProc;
After executing this example a mode of distributing roles between ISA and AA is activated. Users who have privileges as ISA have cannot open repository objects, the message says that there are not enough rights to do the operation.
The specified procedure is an entry point for the .NET assembly.
Public Shared Sub Main(Params: StartParams);
Var
MB: IMetabase;
MS: IMetabaseSecurity;
Isa: IMetabaseUser;
Policy: IMetabasePolicy;
Begin
MB := Params.Metabase;
MS := MB.Security;
Isa := MS.ResolveName(MB.Id + "_ISA") As IMetabaseUser;
Policy := MS.Policy;
Policy.RestrictIsaAccess := True;
Policy.PromoteToIsaMode(Isa, IsaModePromoteOptions.ismopropNone);
MS.Apply();
End Sub;
After executing this example a mode of distributing roles between ISA and AA is activated. Users who have privileges as ISA have cannot open repository objects, the message says that there are not enough rights to do the operation.
See also: