IABACPolicySet.CombineAlgorithm

Syntax

CombineAlgorithm: ABACCombineAlgorithm;

CombineAlgorithm: Prognoz.Platform.Interop.ABAC.ABACCombineAlgorithm;

Description

The CombineAlgorithm property determines a combination algorithm of policies set.

Example

To execute the example, add links to the ABAC, Metabase, ForeSystem (for the Fore.NET example) system assemblies.

Sub UserProc;
Var
    PolicyObject: IABACRootPolicyObject;
    PolicySet: IABACPolicySet;
    MB: IMetabase;
    MS: IMetabaseSecurity;
    Lic: Object;
Begin
    MB := MetabaseClass.Active;
    // Get license to work with security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
    MS := MB.Security;
    // Activate attribute-based access control
    MS.Policy.AttributeBasedAccessControl := True;
    // Clear attribute-based access control structure
    PolicyObject := MB.Security.Policy.ABACRules;
    PolicyObject.Policies.Clear;
    // Add a policies set
    PolicySet := PolicyObject.Policies.Add;
    PolicySet.Active := True;
    PolicySet.CombineAlgorithm := ABACCombineAlgorithm.PermitOverride;
    PolicySet.Description(MB.CurrentLocale) := "Test policies set";
    PolicySet.Id := "POLICY_SET";
    PolicySet.Name(MB.CurrentLocale) := "Policies set";
    // Set objective of policies set
    PolicySet.Target.AttributeId := "OPERATION";
    PolicySet.Target.Operation := ABACTargetOperation.Equal;
    PolicySet.Target.AttributeValue := 2;
    // Apply changes in security manager
    MS.Apply;
    // Check in license
    Lic := Null;
End Sub UserProc;

Imports Prognoz.Platform.Interop.ABAC;
Imports Prognoz.Platform.Interop.Metabase;
Imports Prognoz.Platform.Interop.ForeSystem;

Public Shared Sub Main(Params: StartParams);
Var
    PolicyObject: IABACRootPolicyObject;
    PolicySet: IABACPolicySet;
    MB: IMetabase;
    MS: IMetabaseSecurity;
    Lic: Object;
Begin
    MB := Params.Metabase;
    // Get license to work with security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.lftAdm);
    MS := MB.Security;
    // Activate attribute-based access control
    MS.Policy.AttributeBasedAccessControl := True;
    // Clear attribute-based access control structure
    PolicyObject := MB.Security.Policy.ABACRules;
    PolicyObject.Policies.Clear();
    // Add a policies set
    PolicySet := PolicyObject.Policies.Add();
    PolicySet.Active := True;
    PolicySet.CombineAlgorithm := ABACCombineAlgorithm.abacrcaPermitOverride;
    PolicySet.Description[MB.CurrentLocale] := "Test policies set";
    PolicySet.Id := "POLICY_SET";
    PolicySet.Name[MB.CurrentLocale] := "Policies set";
    // Set objective of policies set
    PolicySet.Target.AttributeId := "OPERATION";
    PolicySet.Target.Operation := ABACTargetOperation.abactoEqual;
    PolicySet.Target.AttributeValue := 2;
    // Apply changes in security manager
    MS.Apply();
    // Check in license
    Lic := Null;
End Sub;

After executing the example the security manager activates the use of attribute-based access control, in which a policies set with the specified parameters is added and activated:

See also:

IABACPolicySet