IABACTarget.SecondAttrId

Syntax

SecondAttrId: String;

SecondAttrId: System.String;

Description

The SecondAttrId property determines a value as a custom attribute to compare with the specified attribute.

Comments

The property is relevant for comparing of custom attributes of subjects or objects. The first attribute is set using the IABACTarget.AttributeId property. The second attribute is set using the SecondAttrId property and automatically sends value as a custom attribute to the IABACTarget.AttributeValue property.

Example

To execute the example, make sure that attribute-based access control structure contains a policies set.

Add links to the ABAC, Metabase, ForeSystem (for the Fore.NET example) system assemblies.

Sub UserProc;
Var
    PolicyObject: IABACRootPolicyObject;
    PolicySet: IABACPolicySet;
    Policy: IABACPolicy;
    MB: IMetabase;
    MS: IMetabaseSecurity;
    Lic: Object;
Begin
    MB := MetabaseClass.Active;
    // Get license to work with security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
    MS := MB.Security;
    // Get attribute-based access control structure
    PolicyObject := MB.Security.Policy.ABACRules;
    // Get policy in the first policies set
    PolicySet := PolicyObject.Policies.Item(0);
    Policy := PolicySet.Policies.Add;
    Policy.Name(MB.CurrentLocale) := "Test policy";
    // Set policy objective
    Policy.Target.AttributeId := "SUBJECT.CUSTOM_ATTR1";
    Policy.Target.Operation := ABACTargetOperation.Equal;
    Policy.Target.SecondAttrId := "OBJECT.CUSTOM_ATTR2";
    // Apply changes in security manager
    MS.Apply;
    // Check in license
    Lic := Null;
End Sub UserProc;

Imports Prognoz.Platform.Interop.ABAC;
Imports Prognoz.Platform.Interop.Metabase;
Imports Prognoz.Platform.Interop.ForeSystem;

Public Shared Sub Main(Params: StartParams);
Var
    PolicyObject: IABACRootPolicyObject;
    PolicySet: IABACPolicySet;
    Policy: IABACPolicy;
    MB: IMetabase;
    MS: IMetabaseSecurity;
    Lic: Object;
Begin
    MB := Params.Metabase;
    // Get license to work with security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.lftAdm);
    MS := MB.Security;
    // Get attribute-based access control structure
    PolicyObject := MB.Security.Policy.ABACRules;
    // Get policy in the first policies set
    PolicySet := PolicyObject.Policies.Item[0];
    Policy := PolicySet.Policies.Add();
    Policy.Name[MB.CurrentLocale] := "Test policy";
    // Set policy objective
    Policy.Target.AttributeId := "SUBJECT.CUSTOM_ATTR1";
    Policy.Target.Operation := ABACTargetOperation.abactoEqual;
    Policy.Target.SecondAttrId := "OBJECT.CUSTOM_ATTR2";
    // Apply changes in security manager
    MS.Apply();
    // Check in license
    Lic := Null;
End Sub;

After executing the example the policy with the specified objective is added to the first policies set. The attribute-based access control structure will look as follows:

See also:

IABACTarget