AccessToken: IAccessToken;
AccessToken: Prognoz.Platform.Interop.Metabase.IAccessToken;
The AccessToken property returns parameters of mandatory access control for the element.
To change the parameters of the mandatory access control of the element use the IAccessElement.ApplyAccessToken method.
Executing the example requires an MDM repository with the MDM identifier that contains an MDM table dictionary with the DICT identifier. The "Change of the security label and of the access control list of any object" privilege should be given to the user who executes the example. In the security manager one or more privacy categories with multiple security levels must be specified.
Add links to the Metabase, Rds system assemblies.
Sub MandatoryAccess;
Var
MB: IMetabase;
Object: IMetabaseObjectDescriptor;
RdsDict: IRdsDictionary;
AOS: IAccessObjectSecurity;
Iterator: IAccessElementsIterator;
Level: integer;
Element: IAccessElement;
Token: IAccessToken;
SecCat: ISecurityCategory;
SecLevel: ISecurityLevel;
Begin
MB := MetabaseClass.Active;
// Obtain the MDM table dictionary
Object := MB.ItemByIdNamespace("DICT", MB.ItemById("MDM").Key);
RdsDict := Object.Bind As IRdsDictionary;
// Check whether the mandatory access control is used
If RdsDict.HasMandatoryAccess Then
//Output the name of the attribute used for the access mandatory control
Debug.WriteLine(RdsDict.Attributes.MandatoryAccess.Id);
// Change access permissions for the first element of the dictionary
AOS := Object.GetSecurity;
Iterator := AOS.GetElements;
Level := Iterator.Next;
Element := Iterator.Current;
Element := Element.Edit;
Token := Element.AccessToken;
SecCat := MB.Security.Policy.MandatoryAccess.Category(0);
SecLevel := SecCat.Level(0);
Token.ClassificationLabel(SecCat) := SecLevel;
Element.ApplyAccessToken(AccessElementApplyOptions.None);
End If;
End Sub MandatoryAccess;
The result of the example execution: if for the elements of the table MDM dictionary the mandatory access control is used then for the first element of the dictionary the first security level in the first privacy category is set.
The requirements and result of the Fore.NET example execution match with those in the Fore example.
Imports Prognoz.Platform.Interop.Rds;
…
Public Shared Sub Main(Params: StartParams);
Var
MB: IMetabase;
Object: IMetabaseObjectDescriptor;
RdsDict: IRdsDictionary;
AOS: IAccessObjectSecurity;
Iterator: IAccessElementsIterator;
Level: integer;
Element: IAccessElement;
Token: IAccessToken;
SecCat: ISecurityCategory;
SecLevel: ISecurityLevel;
Begin
MB := Params.Metabase;
// Obtain the MDM table dictionary
Object := MB.ItemByIdNamespace["DICT", MB.ItemById["MDM"].Key];
RdsDict := Object.Bind() As IRdsDictionary;
// Check whether the mandatory access control is used
If RdsDict.HasMandatoryAccess Then
//Output the name of the attribute used for the access mandatory control
System.Diagnostics.Debug.WriteLine(RdsDict.Attributes.MandatoryAccess.Id);
// Change access permissions for the first element of the dictionary
AOS := Object.GetSecurity();
Iterator := AOS.GetElements();
Level := Iterator.Next();
Element := Iterator.Current;
Element := Element.Edit();
Token := Element.AccessToken;
SecCat := MB.Security.Policy.MandatoryAccess.Category[0];
SecLevel := SecCat.Level[0];
Token.ClassificationLabel[SecCat] := SecLevel;
Element.ApplyAccessToken(AccessElementApplyOptions.acelapopNone);
End If;
End Sub;
See also: