CurrentDomainSubjectAddState(Type: SecuritySubjectType): DomainSubjectAddState;
CurrentDomainSubjectAddState[Type: SecuritySubjectType]: Prognoz.Platform.Interop.Metabase.DomainSubjectAddState;
Type. Type of the security subjects, which parameters of adding need defining.
The CurrentDomainSubjectAddState property determines settings of adding domain security subjects.
The settings, established in this property, are applied for all users that are being added. This property is analog of the IMetabase.CurrentDomainSubjectAddState property.
Executing the example requires the GROUP1 domain. The users, having the TEST* combination in their name, are created in this domain. Corresponding users are also created on the DB server and have specific grants on the current repository objects.
Sub UserProc;
Var
MB: IMetabase;
MBSec: IMetabaseSecurity;
SubSearch: ISecuritySubjectsSearch;
Subjects: ISecuritySubjects;
Subject: ISecuritySubject;
Begin
MB := MetabaseClass.Active;
MBSec := MB.Security;
//Object for searching users
SubSearch := MBSec.NewSubjectsSearch;
SubSearch.NameCriteria := "GROUP1\TEST*";
//Searching only domain users
SubSearch.AreaIncludeDB := False;
SubSearch.AreaIncludeNT := True;
SubSearch.SubjectCriteria(SecuritySubjectType.User) := True;
SubSearch.ExecuteSearch;
//Found users
Subjects := SubSearch.Subjects;
If Subjects.Count > 0 Then
//Setting parameters of adding domain users
MBSec.CurrentDomainSubjectAddState(SecuritySubjectType.User) :=
DomainSubjectAddState.MakeExternalOn
Or DomainSubjectAddState.ManageDBGrantsOff
Or DomainSubjectAddState.Keep;
//Adding all found users
For Each Subject In Subjects Do
MBSec.AddNTSubject(Subject);
End For;
//Applying security policy
MBSec.Apply;
End If;
End Sub UserProc;
Searching of all domain users, whose name meets the GROUP1\TEST* mask, is performed when executing the example. The found users are added to a repository users list. An indicator of users, connected from the server, is set for the users. When distributing privileges and rights for repository objects, corresponding grants in the repository base are not distributed.
Executing the example requires the GROUP1 domain. The users, having the TEST* combination in their name, are created in this domain. Corresponding users are also created on the DB server and have specific grants on the current repository objects. The specified procedure is an entry point for the .NET assembly.
Imports Prognoz.Platform.Interop.Metabase;
Public Shared Sub Main(Params: StartParams);
Var
MB: IMetabase;
MBSec: IMetabaseSecurity;
SubSearch: ISecuritySubjectsSearch;
Subjects: ISecuritySubjects;
Subject: ISecuritySubject;
Begin
MB := Params.Metabase;
MBSec := MB.Security;
//Object for searching users
SubSearch := MBSec.NewSubjectsSearch();
SubSearch.NameCriteria := "GROUP1\TEST*";
//Searching only domain users
SubSearch.AreaIncludeDB := False;
SubSearch.AreaIncludeNT := True;
SubSearch.SubjectCriteria[SecuritySubjectType.sstUser] := True;
SubSearch.ExecuteSearch();
//Found users
Subjects := SubSearch.Subjects;
If Subjects.Count > 0 Then
//Setting parameters of adding users
MBSec.CurrentDomainSubjectAddState[SecuritySubjectType.sstUser] :=
DomainSubjectAddState.dsasMakeExternalOn
Or DomainSubjectAddState.dsasManageDBGrantsOff
Or DomainSubjectAddState.dsasKeep;
//Adding all found users
For Each Subject In Subjects Do
MBSec.AddNTSubject(Subject);
End For;
//Applying security policy
MBSec.Apply();
End If;
End Sub;
Searching of all domain users, whose name meets the GROUP1\TEST* mask, is performed when executing the example. The found users are added to a repository users list. An indicator of users, connected from the server, is set for the users. When distributing privileges and rights for repository objects, corresponding grants in the repository base are not distributed.
See also: