To report a found bug,
please, select the text with the bug and click Report a Bug or
CTRL+ENTER.
Help
system 9.2 Update 19 of 20/04/2021,
©
FORESIGHT
AccessToken: IAccessToken;
AccessToken: Prognoz.Platform.Interop.Metabase.IAccessToken;
The AccessToken property returns parameters of mandatory access control for the element.
To change the parameters of the mandatory access control of the element use the IAccessElement.ApplyAccessToken method.
Executing the example requires an MDM repository with the MDM identifier that contains an MDM table dictionary with the DICT identifier. The "Changing Security Label and Access Control List of Any Object" privilege should be given to the user who executes the example. In the security manager one or more privacy categories with multiple security levels must be specified.
Add links to the Metabase, Rds system assemblies.
Sub MandatoryAccess;
Var
MB: IMetabase;
Object: IMetabaseObjectDescriptor;
RdsDict: IRdsDictionary;
AOS: IAccessObjectSecurity;
Iterator: IAccessElementsIterator;
Level: integer;
Element: IAccessElement;
Token: IAccessToken;
SecCat: ISecurityCategory;
SecLevel: ISecurityLevel;
Begin
MB := MetabaseClass.Active;
// Get table MDM dictionary
Object := MB.ItemByIdNamespace("DICT", MB.ItemById("MDM").Key);
RdsDict := Object.Bind As IRdsDictionary;
// Check if mandatory access control is used
If RdsDict.HasMandatoryAccess Then
//Display name of the attribute used for mandatory access control
Debug.WriteLine(RdsDict.Attributes.MandatoryAccess.Id);
// Change access permissions for the first element of the dictionary
AOS := Object.GetSecurity;
Iterator := AOS.GetElements;
Level := Iterator.Next;
Element := Iterator.Current;
Element := Element.Edit;
Token := Element.AccessToken;
SecCat := MB.Security.Policy.MandatoryAccess.Category(0);
SecLevel := SecCat.Level(0);
Token.ClassificationLabel(SecCat) := SecLevel;
Element.ApplyAccessToken(AccessElementApplyOptions.None);
End If;
End Sub MandatoryAccess;
Example execution result: if mandatory access control is used for the elements of the table MDM dictionary, the first security level in the first privacy category is set for the first element of the dictionary.
The requirements and result of the Fore.NET example execution match with those in the Fore example.
Imports Prognoz.Platform.Interop.Rds;
…
Public Shared Sub Main(Params: StartParams);
Var
MB: IMetabase;
Object: IMetabaseObjectDescriptor;
RdsDict: IRdsDictionary;
AOS: IAccessObjectSecurity;
Iterator: IAccessElementsIterator;
Level: integer;
Element: IAccessElement;
Token: IAccessToken;
SecCat: ISecurityCategory;
SecLevel: ISecurityLevel;
Begin
MB := Params.Metabase;
// Get table MDM dictionary
Object := MB.ItemByIdNamespace["DICT", MB.ItemById["MDM"].Key];
RdsDict := Object.Bind() As IRdsDictionary;
// Check if mandatory access control is used
If RdsDict.HasMandatoryAccess Then
//Display name of the attribute used for mandatory access control
System.Diagnostics.Debug.WriteLine(RdsDict.Attributes.MandatoryAccess.Id);
// Change access permissions for the first element of the dictionary
AOS := Object.GetSecurity();
Iterator := AOS.GetElements();
Level := Iterator.Next();
Element := Iterator.Current;
Element := Element.Edit();
Token := Element.AccessToken;
SecCat := MB.Security.Policy.MandatoryAccess.Category[0];
SecLevel := SecCat.Level[0];
Token.ClassificationLabel[SecCat] := SecLevel;
Element.ApplyAccessToken(AccessElementApplyOptions.acelapopNone);
End If;
End Sub;
See also: