AccessAttribute(AttributeKey: Integer): String;
AccessAttribute[AttributeKey: uinteger]: string;
AttributeKey. Key of access attribute, by which it is necessary to find out a security label. As a parameter value, pass key of one of the basic attributes: READACCESS, WRITEACCESS, DELETEACCESS, or ACCESSACCESS.
The AccessAttribute property determines a security label by access attribute, which key is passed by the AttributeKey parameter.
Security label is defined in a string mode. This property is used if access is distributed for more than 32 security subjects.
The example of working with a security label is given in the Controlling Access Permissions to Elements subsection.
Executing the example requires an MDM repository that contains an MDM dictionary with the Dict_1 identifier. Control of access permissions is enabled for dictionary elements. There is the user User_1 in a list of security subjects that have access to a dictionary.
Sub UserProc;
Var
MB: IMetabase;
MObj: IMetabaseObject;
LabelSec: ISecurityLabels;
Dict: IRdsDictionary;
Attrs: IRdsAttributes;
DictInst: IRdsDictionaryInstance;
Element: IRdsDictionaryElement;
Data: IRdsDictionaryElementData;
Subject, Maping: ISecuritySubject;
i: Integer;
AttributeValue: IAccessAttributeValue;
Begin
MB := MetabaseClass.Active;
MObj := MB.ItemById("Dict_1").Bind;
LabelSec := MObj.SecurityDescriptor.LabelSecurity;
Subject := Mb.Security.ResolveName("User_1");
//Find bit associated with the user
For i := 0 To LabelSec.BitCount - 1 Do
Maping := LabelSec.Mapping(i);
If Maping <> Null Then
If Maping.Sid.AsString = Subject.Sid.AsString Then
Break;
End If;
End If;
End For;
//Change permissions to the element for the specified user
Dict := MObj As IRdsDictionary;
Attrs := Dict.Attributes;
DictInst := Dict.Open(Null);
Element := DictInst.Elements.Item(1);
Data := Element.Data;
//Create access attribute
AttributeValue := New AccessAttributeValue.Create(LabelSec.BitCount, Data.AccessAttribute(Attrs.DeleteAccess.Key));
//Change user permissions
AttributeValue.Value(i) := True; //False, if necessary to take permission to delete
//Set new permissions
Data.AccessAttribute(Attrs.DeleteAccess.Key) := AttributeValue.ToString;
Element.Update(Data);
End Sub UserProc;
After executing the example access permissions to the first element of the dictionary are updated. Permission to delete element is set for the first user.
Executing the example requires an MDM repository that contains an MDM dictionary with the Dict_1 identifier. Control of access permissions is enabled for dictionary elements. There is the user User_1 in a list of security subjects that have access to a dictionary.
Imports System;
Imports System.Diagnostics;
Imports Prognoz.Platform.Interop.Metabase;
Imports Prognoz.Platform.Interop.Rds;
Public Sub UserProc(Params: StartParams);
Var
MB: IMetabase;
MObj: IMetabaseObject;
LabelSec: ISecurityLabels;
Dict: IRdsDictionary;
Attrs: IRdsAttributes;
DictInst: IRdsDictionaryInstance;
Element: IRdsDictionaryElement;
Data: IRdsDictionaryElementData;
Subject, Maping: ISecuritySubject;
i: Integer;
AttributeValue: AccessAttributeValue = New AccessAttributeValueClass();
Begin
MB := Params.Metabase;
MObj := MB.ItemById["Dict_1"].Bind();
LabelSec := MObj.SecurityDescriptor.LabelSecurity;
Subject := Mb.Security.ResolveName("User_1");
//Search for the bit associated with the user
For i := 0 To LabelSec.BitCount - 1 Do
Maping := LabelSec.Mapping[i];
If Maping <> Null Then
If Maping.Sid.AsString = Subject.Sid.AsString Then
Break;
End If;
End If;
End For;
//Change permissions to the element for the specified user
Dict := MObj As IRdsDictionary;
Attrs := Dict.Attributes;
DictInst := Dict.Open(Null);
Element := DictInst.Elements.Item[1];
Data := Element.Data;
//Create access attribute
AttributeValue.Create(LabelSec.BitCount, Data.AccessAttribute[Attrs.DeleteAccess.Key]);
//Change permissions for the user
AttributeValue.Value[i] := True; //False, if necessary to take permission to delete
//Set new permissions
Data.AccessAttribute[Attrs.DeleteAccess.Key] := AttributeValue.ToString;
Element.Update(Data);
End Sub UserProc;
After executing the example, access permissions to the first element of the dictionary are updated. Permission to delete element is set for the first user.
See also: