Executing the example requires an MDM repository with the MDM identifier, that contains an MDM dictionary with the MDM_DICT identifier. The MDM_DICT dictionary must contain a custom attribute with the USERATTRIBUT identifier.
The list of platform access subjects must include two additional users (except for the basic ADMIN user and ADMINISTRATORS group). The MDM_DICT dictionary must have security labels created for additional users.
After executing the example access permissions for the Name and USERATTRIBUT attributes are changed in the MDM_DICT dictionary. Permissions for the Name attribute: read - ADMIN user and the first additional user; write - the second and third additional users. Permissions for the USERATTRIBUT attribute: read - ADMIN user and the second additional user; write - the second additional user.
Add links to the Metabase, Rds system assemblies.
Sub userProc;
Var
MB: IMetabase;
MObj: IMetabaseObject;
Dict: IRdsDictionary;
Attrs: IRdsAttributes;
Attr: IRdsAttribute;
SecLab: ISecurityLabels;
Admin, User1, User2: ISecuritySubject;
Begin
MB := MetabaseClass.Active;
//Get MDM dictionary
MObj := MB.ItemByIdNamespace("MDM_DICT", MB.ItemById("MDM").Key).Edit;
//Get attributes list
Dict := MObj As IRdsDictionary;
SecLab := MObj.SecurityDescriptor.LabelSecurity;
//Users
Admin := SecLab.Mapping(0); //Admin user
User1 := SecLab.Mapping(2); //First additional user
User2 := SecLab.Mapping(3); //Second additional user
Attrs := Dict.Attributes;
//Permissions for the Name attribute
Attr := Attrs.Name;
Attr.ReadAccess := SecLab.Value(Admin) + SecLab.Value(User1);
Attr.WriteAccess := SecLab.Value(User1) + SecLab.Value(User2);
//Permissions for the custom attribute USERATTRIBUT
Attr := Attrs.FindById("USERATTRIBUT");
Attr.ReadAccess := SecLab.Value(Admin) + SecLab.Value(User2);
Attr.WriteAccess := SecLab.Value(User2);
//Save changes
MObj.Save;
End Sub userProc;
Imports Prognoz.Platform.Interop.Rds;
…
Public Shared Sub Main(Params: StartParams);
Var
MB: IMetabase;
MObj: IMetabaseObject;
Dict: IRdsDictionary;
Attrs: IRdsAttributes;
Attr: IRdsAttribute;
SecLab: ISecurityLabels;
Admin, User1, User2: ISecuritySubject;
Begin
MB := Params.Metabase;
//Get MDM dictionary
MObj := MB.ItemByIdNamespace["MDM_DICT", MB.ItemById["MDM"].Key].Edit();
//Get attributes' list
Dict := MObj As IRdsDictionary;
SecLab := MObj.SecurityDescriptor.LabelSecurity;
//Users
Admin := SecLab.Mapping[0]; //Admin user
User1 := SecLab.Mapping[2]; //First additional user
User2 := SecLab.Mapping[3]; //Second additional user
Attrs := Dict.Attributes;
//Permissions for the Name attribute
Attr := Attrs.Name;
Attr.ReadAccess := SecLab.Value[Admin] + SecLab.Value[User1];
Attr.WriteAccess := SecLab.Value[User1] + SecLab.Value[User2];
//Permissions for the custom attribute USERATTRIBUT
Attr := Attrs.FindById("USERATTRIBUT");
Attr.ReadAccess := SecLab.Value[Admin] + SecLab.Value[User2];
Attr.WriteAccess := SecLab.Value[User2];
//Save changes
MObj.Save();
End Sub;
See also: