IMetabaseGroup.Role

Syntax

Role: String;

Role: System.String;

Description

The Role property determines the role of the Oracle DBMS, which is corresponded to this group of users.

Comments

The property is relevant only for domain groups of users. On adding a domain group, name of the group is specified in the repository security manager as the value of the Role property. If required, it can be changed.

Value of the Role property is used if the repository is entered by using domain authorization and security levels. On linking a domain user, which is missing in the repository security manager, entering of the user into the domain groups linked in the security manager, is checked. If the user is included into a domain group, correspondence of the role set for the group to the roles created on the DBMS server, is checked. If the server includes the specified role, the user is linked according to the security levels set for the group. Otherwise the appropriate error message is shown.

Example

To execute the example, add links to the Metabase, ForeSystem (for the Fore.NET example) system assemblies.

Sub UserProc;
Var
    MB: IMetabase;
    MS: IMetabaseSecurity;
    Search: ISecuritySubjectsSearch;
    Subjects: ISecuritySubjects;
    Subject: ISecuritySubject;
    Lic: Object;
Begin
    MB := MetabaseClass.Active;
    // Get license to work with security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
    MS := MB.Security;
    // Find domain group of users by parameters
    Search := MS.NewSubjectsSearch;
    Search.NameCriteria := "DOMAIN_GROUP";
    Search.AreaIncludeDB := False;
    Search.AreaIncludeNT := True;
    Search.SubjectCriteria(SecuritySubjectType.Group) := True;
    Search.ExecuteSearch;
    Subjects := Search.Subjects; // found groups of users
    If Subjects.Count > 0 Then
        // Set parameters of domain group addition
        MS.CurrentDomainSubjectAddState(SecuritySubjectType.Group) :=
        DomainSubjectAddState.MakeExternalOn
        Or DomainSubjectAddState.ManageDBGrantsOff;
        // Add domain group
        Subject := MS.AddNTSubject(Subjects.Item(0));
        (Subject As IMetabaseGroup).Role := "GUEST";
        // Save changes
        MS.Apply;
    End If;
    // Check in license
    Lic := Null;
End Sub UserProc;

Imports Prognoz.Platform.Interop.Metabase;
Imports Prognoz.Platform.Interop.ForeSystem;

Public Shared Sub Main(Params : StartParams);
Var
    MB: IMetabase;
    MS: IMetabaseSecurity;
    Search: ISecuritySubjectsSearch;
    Subjects: ISecuritySubjects;
    Subject: ISecuritySubject;
    Lic: Object;
Begin
    MB := Params.Metabase;
    // Get license to work with security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.lftAdm);
    MS := MB.Security;
    // Find domain group of users by parameters
    Search := MS.NewSubjectsSearch();
    Search.NameCriteria := "DOMAIN_GROUP";
    Search.AreaIncludeDB := False;
    Search.AreaIncludeNT := True;
    Search.SubjectCriteria[SecuritySubjectType.sstGroup] := True;
    Search.ExecuteSearch();
    Subjects := Search.Subjects; // found groups of users
    If Subjects.Count > 0 Then
        // Set parameters of domain group addition
        MS.CurrentDomainSubjectAddState[SecuritySubjectType.sstGroup] :=
        DomainSubjectAddState.dsasMakeExternalOn
        Or DomainSubjectAddState.dsasManageDBGrantsOff;
        // Add domain group
        Subject := MS.AddNTSubject(Subjects.Item[0]);
        (Subject As IMetabaseGroup).Role := "GUEST";
        // Save changes
        MS.Apply();
    End If;
    // Check in license
    Lic := Null;
End Sub;

After executing the example, the DOMAIN_GROUP group will be searched among domain security subjects. If the group is found, it will be added to the list of the groups of repository security manager. The GUEST role will be determined for the group.

See also:

IMetabaseGroup