ISecurityDescriptor.HasAccessAuditLabel

Syntax

HasAccessAuditLabel(

DesiredAccess: Integer;

Var Access: Boolean;

Var Audit: Boolean;

Parameters

Subject. Security subject, for which the availability of the permissions to the specified operations on object is checked.

DesiredAccess. Mask that determines operations, permissions for which must be checked for the Subject security subject. It is necessary to use values of the enumeration type MetabaseObjectPredefinedRights to form mask value. This enumeration contains basic and additional operations on which permissions can be given and access audit can be led. The specific operations are available for defined classes of objects. To use specific operations depending on the object class in a mask there is a possibility to use values of the following enumerations:

CalculatedCubeSpecificRights are specific operations available for calculated cubes.
CubeLoaderSpecificRights are specific operations available for loading data in a cube.
CubeSpecificRights are specific operations available for different types of cubes.
CustomObjectSpecificRights are specific operations available for objects of custom classes.
DataBaseSpecificRights are specific operations available for repository object - Database.
DictionarySpecificRights are specific operations available for repository objects - MDM Dictionary and Composite MDM dictionary.
MDCalcSpecificRights are specific operations available for repository object - Multidimensional calculation on DB server.
ProblemSpecificRights are specific operations available for an object of modeling container - Modeling task.
ProcedureSpecificRights are specific operations available for repository object - Procedure.
ScenarioDimensionSpecificRights are specific operations available for the repository object - Modeling Scenario.
TableSpecificRights are specific operations available for the following repository objects - Table, View, Log, External table.
ValidationSpecificRights are specific operations available for repository object - Validation rule and Validation group.

Access. Variable, which determines whether there are permissions to perform specified operations on the object. The variable is set to True if the security subject has permissions to perform all specified operations on the object.

Audit. The variable that determines whether specified operations for the Subject security subject are audited. The variable is set to true if the specified security subject is audited at least by one of the specified operations.

Label. The variable, to which security label parameters are placed. Security label is calculated if the mandatory access to objects is active.

Description

The HasAccessAudit method checks and indicates whether user has the permissions to perform the specified operations and whether specified operations on object are audited and also calculates parameters of the security label that is used when printing and exporting the repository objects.

Example

Executing the example requires that the repository contains an object with the Obj_1 identifier. There is the TestUser user among the security subjects that were created in the security manager of the current repository.

    Sub UserProc;
    Var
        MB: IMetabase;
        MDesc: IMetabaseObjectDescriptor;
        SecDesc: ISecurityDescriptor;
        Subj: ISecuritySubject;
        b, b1: Boolean;
        Lab: ISecurityDocumentLabel;
    Begin
        MB := MetabaseClass.Active;
        Subj := MB.Security.ResolveName("TestUser");
        MDesc := MB.ItemById("Obj_1");
        SecDesc := MDesc.SecurityDescriptor;
        SecDesc.HasAccessAuditLabel(Subj,
            MetabaseObjectPredefinedRights.Access Or
            MetabaseObjectPredefinedRights.Delete, b, b1, Lab);
        If Lab.IsON Then
            Debug.WriteLine(Lab.Label);
            Debug.WriteLine(Lab.LabelDescription);
            Debug.WriteLine(Lab.TreatSectionAsDocument);
            Debug.WriteLine(Lab.User.Name);
        End If;
    End Sub UserProc;

After executing this example the "b" variables determine whether user has the rights to change the rights and remove the object and the "b1" variable indicates whether one of this operations is audited. The check is made for the Obj_1 repository object relative to the TestUser user. If the mandatory access control was activated in the repository and the level, for which the marking of objects is provided when exporting and printing, was specified to the object, the Lab variable would contain parameters of the security label that is used for marking. These parameters are displayed in the development environment console.