IMetabasePolicy.AllowCreateUserGrant

Syntax

AllowCreateUserGrant: Boolean;

AllowCreateUserGrant: System.Boolean;

Description

The AllowCreateUserGrant property enables creating two roles while maintaining the security policy:

Comments

By default, this property is disabled. It becomes available when the roles of application administrator and information security administrator (ISA) are separated.

The information security administrator is included in the created roles. Only the administrator can change the property value. If AllowCreateUserGrant is set to False, the roles are deleted.

When a user is updated, the user is either added to the role or removed from it, depending on the user's privileges.

The property is available only for repositories created on the basis of Oracle DBMS.

Example

To execute the example, make sure that the repository is based on Oracle DBMS.

Add links to the Metabase and ForeSystem (for the Fore.NET example) system assemblies.

Sub UserProc;
Var
    MB: IMetabase;
    MS: IMetabaseSecurity;
    Isa: IMetabaseUser;
    Policy: IMetabasePolicy;
    Lic: Object;
Begin
    MB := MetabaseClass.Active;

    // Check out license to work with security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
    MS := MB.Security;
    // Resolve the information security administrator account
    Isa := MS.ResolveName(MB.Id + "_ISA") As IMetabaseUser;
    Policy := MS.Policy;

    // Enable role separation between ISA and application administrator
    Policy.PromoteToIsaMode(Isa, IsaModePromoteOptions.RestrictAdminAccess Or IsaModePromoteOptions.RestrictIsaAccess);

    // Create two roles
    Policy.AllowCreateUserGrant := True;

    // Save changes
    MS.Apply;

    // Check in license
    Lic := Null;
End Sub UserProc;

Imports Prognoz.Platform.Interop.Metabase;
Imports Prognoz.Platform.Interop.ForeSystem;

Public Shared Sub Main(Params : StartParams);
Var
    MB: IMetabase;
    MS: IMetabaseSecurity;
    Isa: IMetabaseUser;
    Policy: IMetabasePolicy;
    Lic: Object;
Begin
    MB := Params.Metabase;

    // Check out license to work with security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.lftAdm);
    MS := MB.Security;
    // Resolve the information security administrator account
    Isa := MS.ResolveName(MB.Id + "_ISA") As IMetabaseUser;
    Policy := MS.Policy;

    // Enable role separation between ISA and application administrator
    Policy.PromoteToIsaMode(Isa, IsaModePromoteOptions.ismopropRestrictAdminAccess Or IsaModePromoteOptions.ismopropRestrictIsaAccess);

    // Create two roles
    Policy.AllowCreateUserGrant := True;

    // Save changes
    MS.Apply();

    // Check in license
    Lic := Null;
End Sub;

After executing the example, the mode of role separation between the ISA and the application administrator is activated. Two roles are created for the ISA; they are used in user administration.

See also:

IMetabasePolicy