GetEffectiveRights(Subject: ISecuritySubject): Integer;
Subject. Security subject, for which effective access permissions should be calculated.
The GetEffectiveRights method calculates the effective access permissions of the specified security subject to the repository object.
On calculating effective permissions the selected access control methods is made for it. If discretionary access control is used, then for a specific object type permissions by classes are calculated in addition.
The effective rights includes all operation for which the explicit permission was set for the user. The value that this method returns, is an access mask. Mask value is 4-byte binary number converted to decimal form. It is necessary to use a value of the MetabaseObjectPredefinedRights enumeration to check a value of the mask. This enumeration contains main and additional operations to which it is possible to give rights. The specific operations are available for defined classes of objects. Values of the following enumerations can be used to check specific operations depending on the object class:
CalculatedCubeSpecificRights are specific operations available for calculated cubes.
CubeLoaderSpecificRights are specific operations available for loading data in a cube.
CubeSpecificRights are specific operations available for different types of cubes.
CustomObjectSpecificRights are specific operations available for objects of custom classes.
DataBaseSpecificRights are specific operations available for repository object - Database.
DictionarySpecificRights are specific operations available for repository objects - MDM Dictionary and Composite MDM dictionary.
MDCalcSpecificRights are specific operations available for repository object - Multidimensional calculation on DB server.
ProblemSpecificRights are specific operations available for an object of modeling container - Modeling task.
ProcedureSpecificRights are specific operations available for repository object - Procedure.
ScenarioDimensionSpecificRights are specific operations available for the repository object - Modeling Scenario.
TableSpecificRights are specific operations available for the following repository objects - Table, View, Log, External table.
ValidationSpecificRights are specific operations available for repository object - Validation rule and Validation group.
Basic, additional and specific operations available for specified objects types are shown in theTypes of Events section.
To analyze a mask value it is necessary to implement a custom function that enables the comparison of separate mask bits with relevant enumerations values. The example of work with access mask is shown in the Working with Access Mask section.
Executing the example requires that the repository contains an object with the Obj_1 identifier. There is the TestUser user among the security subjects that were created in the security manager of the current repository.
Sub UserProc;
Var
MB: IMetabase;
MDesc: IMetabaseObjectDescriptor;
SecDesc: ISecurityDescriptor;
Subj: ISecuritySubject;
i: Integer;
Begin
MB := MetabaseClass.Active;
Subj := MB.Security.ResolveName("TestUser");
MDesc := MB.ItemById("Obj_1");
SecDesc := MDesc.SecurityDescriptor;
i := SecDesc.GetEffectiveRights(Subj);
End Sub UserProc;
After executing this example the "i" variable contains a value that corresponds to the effective rights that were given to the specified user to the Obj_1 object.
See also: