CurrentDomainSubjectAddState(Type: SecuritySubjectType): DomainSubjectAddState;
CurrentDomainSubjectAddState[Prognoz.Platform.Interop.Metabase.SecuritySubjectType]: Prognoz.Platform.Interop.Metabase.DomainSubjectAddState;
Type. Type of the security subjects, which parameters of adding need defining.
The CurrentDomainSubjectAddState property determines settings of adding domain security subjects.
The settings made in the CurrentDomainSubjectAddState property will be applied for all added users. This property is analog of the IMetabase.CurrentDomainSubjectAddState property.
Executing the example requires the GROUP1 domain where there are users containing TEST* in the name. Corresponding users are also created on the DB server and have specific grants on the current repository objects.
Add links to the Metabase, ForeSystem (for the Fore.NET example) system assemblies.
Sub UserProc;
Var
MB: IMetabase;
MBSec: IMetabaseSecurity;
SubSearch: ISecuritySubjectsSearch;
Subjects: ISecuritySubjects;
Subject: ISecuritySubject;
Lic: Object;
Begin
MB := MetabaseClass.Active;
// Get license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
MBSec := MB.Security;
// Get object to find users
SubSearch := MBSec.NewSubjectsSearch;
SubSearch.NameCriteria := "GROUP1\TEST*";
// Set search only of domain users
SubSearch.AreaIncludeDB := False;
SubSearch.AreaIncludeNT := True;
SubSearch.SubjectCriteria(SecuritySubjectType.User) := True;
SubSearch.ExecuteSearch;
// Get users
Subjects := SubSearch.Subjects;
If Subjects.Count > 0 Then
// Set parameters of adding domain users
MBSec.CurrentDomainSubjectAddState(SecuritySubjectType.User) :=
DomainSubjectAddState.MakeExternalOn
Or DomainSubjectAddState.ManageDBGrantsOff
Or DomainSubjectAddState.Keep;
// Add all found users
For Each Subject In Subjects Do
MBSec.AddNTSubject(Subject);
End For;
// Save changes
MBSec.Apply;
// Release license
Lic := Null;
End If;
End Sub UserProc;
Imports Prognoz.Platform.Interop.Metabase;
Imports Prognoz.Platform.Interop.ForeSystem;
…
Public Shared Sub Main(Params: StartParams);
Var
MB: IMetabase;
MBSec: IMetabaseSecurity;
SubSearch: ISecuritySubjectsSearch;
Subjects: ISecuritySubjects;
Subject: ISecuritySubject;
Lic: Object;
Begin
MB := Params.Metabase;
// Get license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.lftAdm);
MBSec := MB.Security;
// Get object to find users
SubSearch := MBSec.NewSubjectsSearch();
SubSearch.NameCriteria := "GROUP1\TEST*";
// Set search only of domain users
SubSearch.AreaIncludeDB := False;
SubSearch.AreaIncludeNT := True;
SubSearch.SubjectCriteria[SecuritySubjectType.sstUser] := True;
SubSearch.ExecuteSearch();
// Get users
Subjects := SubSearch.Subjects;
If Subjects.Count > 0 Then
// Set parameters of adding domain users
MBSec.CurrentDomainSubjectAddState[SecuritySubjectType.sstUser] :=
DomainSubjectAddState.dsasMakeExternalOn
Or DomainSubjectAddState.dsasManageDBGrantsOff
Or DomainSubjectAddState.dsasKeep;
// Add all found users
For Each Subject In Subjects Do
MBSec.AddNTSubject(Subject);
End For;
// Save changes
MBSec.Apply();
// Release license
Lic := Null;
End If;
End Sub;
Searching of all domain users, whose name meets the GROUP1\TEST* mask, is performed after executing the example. The found users are added to a repository users list. An indicator of users, connected from the server, is set for the users. When distributing privileges and rights for repository objects, corresponding grants in the repository base are not distributed.
See also: