SOAPThe example of using the SetMbSec operation to change access permissions to object. The request contains the list of security subjects and their access permissions to the object. Update flag is set for security description. The response contains the updated description of security of the object.
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"> <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <SetMbSec xmlns="http://www.fsight.ru/PP.SOM.Som"> <tMbSec xmlns=" "> <tArg xmlns=" "> <pattern> <meta> <objects> <ods> <its> <d isLink="false" hf="false" isShortcut="false"> <sds> <its> <it> <discrete> <aces> <it> <subject> <sid> <it> <subject> <sid> <it> <subject> <sid> <mandatory> <accessToken> <metaGet> <pattern> <objectsFilter> <keys> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Body> <SetMbSecResult xmlns="http://www.fsight.ru/PP.SOM.Som" xmlns:q1="http://www.fsight.ru/PP.SOM.Som" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <id xmlns=" "> <metaGet xmlns=" "> <id> <meta> <objects> <ods> <its> <d isShortcut="0" isLink="0" hf="0"> <sds> <its> <it> <discrete> <aces> <it> <subject> <sid> <it> <subject> <sid> <it> <subject> <sid> <mandatory> <accessToken>
{
"SetMbSec" :
{
"tMbSec" :
{
"id" : "S2!M"
},
"tArg" :
{
"pattern" :
{
"objects" : "true"
},
"meta" :
{
"objects" :
{
"ods" :
{
"its" :
{
"d" :
{
"@isShortcut" : "false",
"@isLink" : "false",
"@hf" : "false",
"i" : "",
"n" : "", "k" : "73", "c" : "1537", "p" : "4294967295", "h" : "false", "sdKey" : "8183" } } }, "sds" :
{
"its" :
{
"it" :
[
{
"k" : "8183",
"isInherited" : "false",
"isSealed" : "false",
"discrete" :
{
"aces" :
{
"it" :
[
{
"subject" :
{
"k" : "2147483649",
"id" : "ADMIN",
"n" : "User",
"vis" : "true",
"type" : "User",
"sid" :
{
"sid" : "ACE44119CCF4F3EB315E1B1EF525736",
"type" : "User"
}
},
"allow" : "14"
"deny" : "16",
"audit" : "114700"
},
{
"subject" :
{
"k" : "2147483649",
"id" : "ADMINISTRATORS",
"n" : "Built-in group of administrators",
"vis" : "true"
"type" : "Group",
"sid" :
{
"sid" : "ACE44219CCF4F3EB315E1B1EF525736",
"type" : "Group"
}
},
"allow" : "1"
},
{
"subject" :
{
"k" : "8208",
"id" : "PPUSER",
"n" : "PPUser",
"vis" : "true",
"type" : "User",
"sid" :
{
"sid" : "ACE44182089CCF4F3EB315E1B1EF525736",
"type" : "User" } }, "allow" : "98312", "deny" : "16", "audit" : "98312" } ] } },
"mandatory" :
{
"accessToken" :
{
"its" : ""
}
},
"applyFlags" : "0"
}
]
}
}
}
},
"metaGet" :
{
"pattern" :
{
"objects" : "true",
"objectsFilter" :
{
"keys" :
{
"i" : "73"
}
}
}
}
}
}
}
{
"SetMbSecResult" :
{
"id" :
{
"id" : "S2!M"
},
"metaGet" :
{
"id" :
{
"id" : "S2!M"
},
"meta" :
{
"objects" :
{
"ods" :
{
"its" :
{
"d" :
{
"@isShortcut" : "0",
"@isLink" : "0",
"@hf" : "0",
"i" : "",
"n" : "",
"k" : "73",
"c" : "1537",
"p" : "4294967295",
"h" : "0",
"sdKey" : "8209"
}
}
},
"sds" :
{
"its" :
{
"it" :
[
{
"k" : "8209",
"isInherited" : "0",
"isSealed" : "0",
"discrete" :
{
"aces" :
{
"it" :
[
{
"subject" :
{
"k" : "2147483649",
"id" : "ADMIN",
"n" : "User",
"vis" : "1",
"type" : "User",
"sid" :
{
"sid" : "ACE44119CCF4F3EB315E1B1EF525736",
"type" : "User"
}
},
"allow" : "14",
"deny" : "16",
"audit" : "114700"
},
{
"subject" :
{
"k" : "2147483649",
"id" : "ADMINISTRATORS",
"n" : "Built-in group of administrators",
"vis" : "1",
"type" : "Group",
"sid" :
{
"sid" : "ACE44219CCF4F3EB315E1B1EF525736",
"type" : "Group"
}
},
"allow" : "1"
},
{
"subject" :
{
"k" : "8208",
"id" : "PPUSER",
"n" : "PPUser",
"vis" : "1",
"type" : "User",
"sid" :
{
"sid" : "ACE44182089CCF4F3EB315E1B1EF525736",
"type" : "User"
}
},
"allow" : "98312",
"deny" : "16",
"audit" : "98312"
}
]
}
},
"mandatory" :
{
"accessToken" :
{
"its" : ""
} } } ] } } } } } } }
The ChamgeSecurityDescriptor function specified below changes description of security of the repository object. The repository connection moniker, the security subject and the object, for which the permissions are granted, are sent as input parameters. The operation result is the function result. The example uses the FindObjectById function, which code is given in the Getting Object Description by Its Identifier example and the GetObjectSecurityDescriptor function, which code is given in the Getting Description of Object Security example. The result of the operation is the result of the function.
public static SetMbSecResult ChangeSecurityDescriptor(MbId metabase, MbSubject subject, string objectId)
{
var somClient = new SomPortTypeClient(); //Proxy object for operation execution
//Initial description of object security
var objSecDesc = GetObjectSecurityDescriptor(metabase.id, new int[1] {(int)FindObjectById(metabase, objectId).k });
var objects = objSecDesc.meta.objects;
//Object description
var od = objects.ods.its[0];
//Security description
var sd = objects.sds.its[0];
//Source permissions
var aces = new List();
aces.AddRange(sd.discrete.aces);
//New security element that will be added to description
var tAce = new SdAce()
{
//Permission for permission change, import and export.
//Corresponds to MetabaseObjectPredefinedRights.Access + MetabaseObjectPredefinedRights.ExportData + MetabaseObjectPredefinedRights.ImportData
allow = 98312,
//Audit of enabled operations
audit = 98312,
//Prevents deletes. Corresponds to MetabaseObjectPredefinedRights.Delete
deny = 16,
subject = subject // Security subject, to which elements corresponds
};
aces.Add(tAce);
//Refresh list of security elements in description
sd.discrete.aces = aces.ToArray();
//Access permissions refresh flag
sd.applyFlags = 0;
sd.isInherited = false;
//Operation execution parameters
var setMbSec = new SetMbSec()
{
tArg = new SetMbSecArg()
{
//Operation execution pattern
pattern = new MbSecMdPattern()
{
objects = true,
},
//Metadata, which specify changed description of object security
meta = new MbSecMd()
{
objects = new MbObjects()
{
ods = new Ods()
{
its = new Od[1] { od }
},
sds = new Sds()
{
its = new Sd[1] { sd }
}
}
},
//User list refresh parameters after operation execution
metaGet = new GetMbSecArg()
{
pattern = new MbSecMdPattern()
{
objects = true,
objectsFilter = new MbSecOdFilter()
{
keys = new int[1] { (int)od.k }
}
}
}
},
//Repository moniker
tMbSec = new MbId() { id = metabase.id}
};
//Delete user
var result = somClient.SetMbSec(setMbSec);
return result;
}
See also: