IMetabasePolicy.PromoteToIsaMode

Syntax

PromoteToIsaMode(Isa: IMetabaseUser; [Options: IsaModePromoteOptions = 0]);

PromoteToIsaMode(Prognoz.Platform.Interop.Metabase.IMetabaseUser, Prognoz.Platform.Interop.Metabase.IsaModePromoteOptions);

Parameters

Isa. The user who will be the information security administrator (ISA). Pass the user with the *_ISA account (where * is the schema name) as the value.

Options. Parameters for activating the separation of roles between the ISA and the application administrator (AA). By default, after activation the ISA does not have rights to update users.

Description

The PromoteToIsaMode method activates the mode that separates roles between the information security administrator and the application administrator.

Example

To execute the example, make sure that the security manager contains a user with the *_ISA user account (where * is the schema name) and that the mode separating roles between administrators is not in use.

Add links to the Metabase and ForeSystem (for the Fore.NET example) system assemblies.

Sub UserProc;
Var
    MB: IMetabase;
    MS: IMetabaseSecurity;
    Isa: IMetabaseUser;
    Policy: IMetabasePolicy;
    Lic: Object;
Begin
    MB := MetabaseClass.Active;

    // Check out license to work with security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
    MS := MB.Security;

    // Activate role separation mode
    Isa := MS.ResolveName(MB.Id + "_ISA") As IMetabaseUser;
    Policy := MS.Policy;
    Policy.PromoteToIsaMode(Isa, IsaModePromoteOptions.RestrictAdminAccess
        Or IsaModePromoteOptions.RestrictIsaAccess);

    // Save changes
    MS.Apply;

    // Check in license
    Lic := Null;
End Sub UserProc;

Imports Prognoz.Platform.Interop.Metabase;
Imports Prognoz.Platform.Interop.ForeSystem;

Public Shared Sub Main(Params: StartParams);
Var
    MB: IMetabase;
    MS: IMetabaseSecurity;
    Isa: IMetabaseUser;
    Policy: IMetabasePolicy;
    Lic: Object;
Begin
    MB := Params.Metabase;

    // Check out license to work with security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
    MS := MB.Security;

    // Activate role separation mode
    Isa := MS.ResolveName(MB.Id + "_ISA") As IMetabaseUser;
    Policy := MS.Policy;
    Policy.PromoteToIsaMode(Isa, IsaModePromoteOptions.ismopropRestrictAdminAccess
        Or IsaModePromoteOptions.ismopropRestrictIsaAccess);

    // Save changes
    MS.Apply();

    // Check in license
    Lic := Null;
End Sub;

After executing this example, the mode separating roles between the ISA and the AA is activated. Users who have ISA and AA privileges cannot open repository objects; a message appears stating that there are not enough rights to perform the operation.

See also:

IMetabasePolicy | Distribute administrators roles