PromoteToIsaMode(Isa: IMetabaseUser; [Options: IsaModePromoteOptions = 0]);
Isa. The user who will be Information Security Administrator (ISA). It is necessary to transmit the user with the account *_ISA (where * - schema name) as a value.
Options. Determines parameters of activation of distributing roles between ISA and application administrator(AA). By default after activation ISA does not have rights to update users.
The PromoteToIsaMode method activates a mode of distributing roles between information security administrator and application administrator.
To execute the example make sure that the security manager contains user with the *_ISA user account (where * is the schema name). The mode separating roles between administrators is not used.
Add links to the Metabase, ForeSystem (for the Fore.NET example) system assemblies.
Sub UserProc;
Var
MB: IMetabase;
MS: IMetabaseSecurity;
Isa: IMetabaseUser;
Policy: IMetabasePolicy;
Lic: Object;
Begin
MB := MetabaseClass.Active;
// Check out license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
MS := MB.Security;
// Activate role separation mode
Isa := MS.ResolveName(MB.Id + "_ISA") As IMetabaseUser;
Policy := MS.Policy;
Policy.PromoteToIsaMode(Isa, IsaModePromoteOptions.RestrictAdminAccess Or IsaModePromoteOptions.RestrictIsaAccess);
// Save changes
MS.Apply;
// Check in license
Lic := Null;
End Sub UserProc;
Imports Prognoz.Platform.Interop.Metabase;
Imports Prognoz.Platform.Interop.ForeSystem;
…
Public Shared Sub Main(Params: StartParams);
Var
MB: IMetabase;
MS: IMetabaseSecurity;
Isa: IMetabaseUser;
Policy: IMetabasePolicy;
Lic: Object;
Begin
MB := Params.Metabase;
// Check out license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
MS := MB.Security;
// Activate role separation mode
Isa := MS.ResolveName(MB.Id + "_ISA") As IMetabaseUser;
Policy := MS.Policy;
Policy.PromoteToIsaMode(Isa, IsaModePromoteOptions.ismopropRestrictAdminAccess Or IsaModePromoteOptions.ismopropRestrictIsaAccess);
// Save changes
MS.Apply();
// Check in license
Lic := Null;
End Sub;
After executing this example a mode of distributing roles between ISA and AA is activated. Users who have privileges as ISA and AA cannot open repository objects, the message appears that there are not enough rights to do the operation.
See also: