ManageDBGrants: Boolean;
ManageDBGrants: System.Boolean;
The ManageDBGrants property determines whether the current user will be given the rights on the DBMS level.
This property is available for changing only when a new user is created in the repository.
If the property is set to True, the appropriate grants will be given to the user on the DBMS server after creation of the user in the repository and change of his privileges or giving the rights to the repository objects.
If the property is set to False, the appropriate grants will not be given to the user on the DBMS server after creation of the user in the repository and change of his privileges or giving the rights to the repository objects. This option is relevant if the created user is connected from the server and already has some grants to the platform objects.
Executing the example requires the GROUP1 domain. The TESTER user was created in this domain. The corresponding users were created on the database server and they possess the certain grants on the objects of the current repository.
Sub UserProc;
Var
MB: IMetabase;
MBSec: IMetabaseSecurity;
SubSearch: ISecuritySubjectsSearch;
Subjects: ISecuritySubjects;
Subject: ISecuritySubject;
Begin
MB := MetabaseClass.Active;
MBSec := MB.Security;
//Domain users adding parameters setting
MB.CurrentDomainSubjectAddState(SecuritySubjectType.User) :=
DomainSubjectAddState.MakeExternalOff
Or DomainSubjectAddState.ManageDBGrantsOn
Or DomainSubjectAddState.Keep;
//Object for searching users
SubSearch := MBSec.NewSubjectsSearch;
SubSearch.NameCriteria := "GROUP1\TESTER";
//Searching only domain users
SubSearch.AreaIncludeDB := False;
SubSearch.AreaIncludeNT := True;
SubSearch.SubjectCriteria(SecuritySubjectType.User) := True;
SubSearch.ExecuteSearch;
//Found users
Subjects := SubSearch.Subjects;
Debug.WriteLine(Subjects.Count);
If Subjects.Count > 0 Then
Subject := Subjects.Item(0);
Subject := MBSec.AddNTSubject(Subject);
//Added domain user parameters change
//Current parameters do not conform to the parameters ,that
//were set before in the property CurrentDomainSubjectAddState
(Subject As IMetabaseUser).External := True;
(Subject As IMetabaseUser).ManageDBGrants := False;
//Applying security policy
MBSec.Apply;
End If;
End Sub UserProc;
After executing the example the search for the domain user with GROUP1\TESTER name is performed. If the user name is found, it is added to the repository users list. On adding the user name the user is assigned the characteristic of the one connected from server. In the process of the distribution of privileges and objects access permissions the according rights are not granted to the user.
Executing the example requires the GROUP1 domain. The TESTER user was created in this domain. The corresponding users were created on the database server and they possess the certain grants on the objects of the current repository. The specified procedure is an entry point for the .NET assembly.
Imports Prognoz.Platform.Interop.Metabase;
Public Shared Sub Main1(Params: StartParams);
Var
MB: IMetabase;
MBSec: IMetabaseSecurity;
SubSearch: ISecuritySubjectsSearch;
Subjects: ISecuritySubjects;
Subject: ISecuritySubject;
Begin
MB := Params.Metabase;
MBSec := MB.Security;
//Domain users adding parameters setting
MB.CurrentDomainSubjectAddState[SecuritySubjectType.sstUser] :=
DomainSubjectAddState.dsasMakeExternalOff
Or DomainSubjectAddState.dsasManageDBGrantsOn
Or DomainSubjectAddState.dsasKeep;
//Object for searching users
SubSearch := MBSec.NewSubjectsSearch();
SubSearch.NameCriteria := "GROUP1\TESTER";
//Searching only domain users
SubSearch.AreaIncludeDB := False;
SubSearch.AreaIncludeNT := True;
SubSearch.SubjectCriteria[SecuritySubjectType.sstUser] := True;
SubSearch.ExecuteSearch();
//Found users
Subjects := SubSearch.Subjects;
If Subjects.Count > 0 Then
Subject := Subjects.Item[0];
Subject := MBSec.AddNTSubject(Subject);
//Added domain user parameters change
//Current parameters do not conform to the parameters ,that
//were set before in the property CurrentDomainSubjectAddState
(Subject As IMetabaseUser).External := True;
(Subject As IMetabaseUser).ManageDBGrants := False;
//Applying security policy
MBSec.Apply();
End If;
End Sub;
After executing the example the search for the domain user with GROUP1\TESTER name is performed. If the user name is found, it is added to the repository users list. On adding the user name the user is assigned the characteristic of the one connected from server. In the process of the distribution of privileges and objects access permissions the according rights are not granted to the user.
See also: