Changing Access Permissions to Object

Below is an example of using the SetMbSec operation to change access permissions for an object. The request contains the list of security subjects and their access permissions for the object. The update flag is set for the security description. The response contains the updated security description of the object.

The example uses the FindObjectById function, whose code is given in the Getting Object Description by Its Identifier example, and the GetObjectSecurityDescriptor function, whose code is given in the Getting Description of Object Security example.

SOAP request:

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SetMbSec xmlns="http://www.prognoz.ru/PP.SOM.Som">
<tMbSec xmlns=" ">
  <id>S1!M</id>
  </tMbSec>
<tArg xmlns=" ">
<pattern>
  <objects>true</objects>
  </pattern>
<meta>
<objects>
<ods>
<its>
<d isShortcut="false" isLink="false" hf="false">
  <i>OBJ2</i>
  <n>obj2</n>
  <k>535</k>
  <c>1537</c>
  <p>533</p>
  <h>false</h>
  <sdKey>544</sdKey>
  <hasPrv>false</hasPrv>
  <ic>false</ic>
  </d>
  </its>
  </ods>
<sds>
<its>
<it>
  <k>544</k>
  <isInherited>false</isInherited>
  <isSealed>false</isSealed>
<discrete>
<aces>
<it>
<subject>
  <k>2147483649</k>
  <id>ADMINISTRATORS</id>
  <n>ADMINISTRATORS</n>
  <vis>true</vis>
  <type>Group</type>
<sid>
  <sid>PS-2-1</sid>
  <type>Group</type>
  </sid>
  </subject>
  <allow>1</allow>
  </it>
<it>
<subject>
  <k>2147483649</k>
  <id>ADMIN</id>
  <vis>true</vis>
  <type>User</type>
<sid>
  <sid>PS-1-1</sid>
  <type>User</type>
  </sid>
  </subject>
  <allow>1</allow>
  </it>
<it>
<subject>
  <k>545</k>
  <id>NEWADMIN</id>
  <n>NewAdmin</n>
  <vis>true</vis>
  <type>User</type>
<sid>
  <sid>PS-1-545</sid>
  <type>User</type>
  </sid>
  </subject>
  <allow>98312</allow>
  <deny>16</deny>
  <audit>98312</audit>
  </it>
  </aces>
  </discrete>
<mandatory>
<accessToken>
  <its />
  </accessToken>
  </mandatory>
  <applyFlags>0</applyFlags>
  </it>
  </its>
  </sds>
  </objects>
  </meta>
<metaGet>
<pattern>
  <objects>true</objects>
<objectsFilter>
<keys>
  <i>535</i>
  </keys>
  </objectsFilter>
  </pattern>
  </metaGet>
  </tArg>
  </SetMbSec>
  </s:Body>
  </s:Envelope>

SOAP response:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<SetMbSecResult xmlns="http://www.prognoz.ru/PP.SOM.Som" xmlns:q1="http://www.prognoz.ru/PP.SOM.Som" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<id xmlns=" ">
  <id>S1!M</id>
  </id>
<metaGet xmlns=" ">
<id>
  <id>S1!M</id>
  </id>
<meta>
<objects>
<ods>
<its>
<d isShortcut="0" isLink="0" hf="0">
  <i>OBJ2</i>
  <n>obj2</n>
  <k>535</k>
  <c>1537</c>
  <p>533</p>
  <h>0</h>
  <sdKey>546</sdKey>
  <hasPrv>0</hasPrv>
  <ic>0</ic>
  </d>
  </its>
  </ods>
<sds>
<its>
<it>
  <k>546</k>
  <isInherited>0</isInherited>
  <isSealed>0</isSealed>
<discrete>
<aces>
<it>
<subject>
  <k>2147483649</k>
  <id>ADMINISTRATORS</id>
  <n>ADMINISTRATORS</n>
  <vis>1</vis>
  <type>Group</type>
<sid>
  <sid>PS-2-1</sid>
  <type>Group</type>
  </sid>
  </subject>
  <allow>1</allow>
  </it>
<it>
<subject>
  <k>2147483649</k>
  <id>ADMIN</id>
  <vis>1</vis>
  <type>User</type>
<sid>
  <sid>PS-1-1</sid>
  <type>User</type>
  </sid>
  </subject>
  <allow>1</allow>
  </it>
<it>
<subject>
  <k>545</k>
  <id>NEWADMIN</id>
  <n>NewAdmin</n>
  <vis>1</vis>
  <type>User</type>
<sid>
  <sid>PS-1-545</sid>
  <type>User</type>
  </sid>
  </subject>
  <allow>98312</allow>
  <deny>16</deny>
  <audit>98312</audit>
  </it>
  </aces>
  </discrete>
<mandatory>
<accessToken>
  <its />
  </accessToken>
  </mandatory>
  </it>
  </its>
  </sds>
  </objects>
  <bisearchEnable>Disable</bisearchEnable>
  </meta>
  </metaGet>
  </SetMbSecResult>
  </soapenv:Body>
  </soapenv:Envelope>

JSON request:

{
"SetMbSec" :
{
"tMbSec" :
{
"id" : "S1!M"
},
"tArg" :
{
"pattern" :
{
"objects" : "true"
},
"meta" :
{
"objects" :
{
"ods" :
{
"its" :
{
"d" :
{
"@isShortcut" : "false",
"@isLink" : "false",
"@hf" : "false",
"i" : "OBJ2",
"n" : "obj2",
"k" : "535",
"c" : "1537",
"p" : "533",
"h" : "false",
"sdKey" : "544",
"hasPrv" : "false",
"ic" : "false"
}
}
},
"sds" :
{
"its" :
{
"it" :
[
{
"k" : "544",
"isInherited" : "false",
"isSealed" : "false",
"discrete" :
{
"aces" :
{
"it" :
[
{
"subject" :
{
"k" : "2147483649",
"id" : "ADMINISTRATORS",
"n" : "ADMINISTRATORS",
"vis" : "true",
"type" : "Group",
"sid" :
{
"sid" : "PS-2-1",
"type" : "Group"
}
},
"allow" : "1"
},
{
"subject" :
{
"k" : "2147483649",
"id" : "ADMIN",
"vis" : "true",
"type" : "User",
"sid" :
{
"sid" : "PS-1-1",
"type" : "User"
}
},
"allow" : "1"
},
{
"subject" :
{
"k" : "545",
"id" : "NEWADMIN",
"n" : "NewAdmin",
"vis" : "true",
"type" : "User",
"sid" :
{
"sid" : "PS-1-545",
"type" : "User"
}
},
"allow" : "98312",
"deny" : "16",
"audit" : "98312"
}
]
}
},
"mandatory" :
{
"accessToken" :
{
"its" : ""
}
},
"applyFlags" : "0"
}
]
}
}
}
},
"metaGet" :
{
"pattern" :
{
"objects" : "true",
"objectsFilter" :
{
"keys" :
{
"i" : "535"
}
}
}
}
}
}
}

JSON response:

{
"SetMbSecResult" :
{
"id" :
{
"id" : "S1!M"
},
"metaGet" :
{
"id" :
{
"id" : "S1!M"
},
"meta" :
{
"objects" :
{
"ods" :
{
"its" :
{
"d" :
{
"@isShortcut" : "0",
"@isLink" : "0",
"@hf" : "0",
"i" : "OBJ2",
"n" : "obj2",
"k" : "535",
"c" : "1537",
"p" : "533",
"h" : "0",
"sdKey" : "546",
"hasPrv" : "0",
"ic" : "0"
}
}
},
"sds" :
{
"its" :
{
"it" :
[
{
"k" : "546",
"isInherited" : "0",
"isSealed" : "0",
"discrete" :
{
"aces" :
{
"it" :
[
{
"subject" :
{
"k" : "2147483649",
"id" : "ADMINISTRATORS",
"n" : "ADMINISTRATORS",
"vis" : "1",
"type" : "Group",
"sid" :
{
"sid" : "PS-2-1",
"type" : "Group"
}
},
"allow" : "1"
},
{
"subject" :
{
"k" : "2147483649",
"id" : "ADMIN",
"vis" : "1",
"type" : "User",
"sid" :
{
"sid" : "PS-1-1",
"type" : "User"
}
},
"allow" : "1"
},
{
"subject" :
{
"k" : "545",
"id" : "NEWADMIN",
"n" : "NewAdmin",
"vis" : "1",
"type" : "User",
"sid" :
{
"sid" : "PS-1-545",
"type" : "User"
}
},
"allow" : "98312",
"deny" : "16",
"audit" : "98312"
}
]
}
},
"mandatory" :
{
"accessToken" :
{
"its" : ""
}
}
}
]
}
}
},
"bisearchEnable" : "Disable"
}
}
}
}
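/// <summary>
/// Appends one access control entry (ACE) for <paramref name="subject"/> to the
/// discrete access list of the object identified by <paramref name="objectId"/>
/// and submits the modified security description with the SetMbSec operation.
/// </summary>
/// <param name="metabase">Repository moniker; its id is passed to the service.</param>
/// <param name="subject">Security subject that the new ACE applies to.</param>
/// <param name="objectId">Identifier of the object whose permissions are changed.</param>
/// <returns>
/// The SetMbSec result. The metaGet pattern restricts the returned metadata to the
/// changed object, so the applied security description can be checked against the request.
/// </returns>
public static SetMbSecResult ChangeSecurityDescriptor(MbId metabase, MbSubject subject, string objectId)
{
    // Proxy object for executing operations.
    // NOTE(review): the proxy is not closed or disposed here - confirm how its lifetime is handled.
    var somClient = new SomPortTypeClient();

    // Initial description of object security.
    // FindObjectById(...).k is dereferenced without a null check, so this relies on
    // objectId resolving to an existing object.
    var objSecDesc = GetObjectSecurityDescriptor(metabase.id, new int[1] { (int)FindObjectById(metabase, objectId).k });
    var objects = objSecDesc.meta.objects;
    // Object description (first returned element; the request filtered on a single key)
    var od = objects.ods.its[0];
    // Security description
    var sd = objects.sds.its[0];

    // Initial permissions: the existing entries are copied first so that they are sent
    // back together with the new one. The element type is SdAce, matching tAce below.
    var aces = new List<SdAce>();
    aces.AddRange(sd.discrete.aces);

    // New security element that will be added to the description.
    // NOTE(review): the entry is appended without checking whether the subject already
    // has one in the list - confirm how the service treats duplicate entries.
    var tAce = new SdAce()
    {
        // Authorization to change permissions, import and export.
        // It corresponds to MetabaseObjectPredefinedRights.Access +
        // MetabaseObjectPredefinedRights.ExportData + MetabaseObjectPredefinedRights.ImportData.
        // Access lets the subject change this object's permissions afterwards, so include it
        // only when that delegation is intended.
        allow = 98312,
        // Audit of authorized operations (same mask as allow)
        audit = 98312,
        // Prohibit to delete. It corresponds to MetabaseObjectPredefinedRights.Delete
        deny = 16,
        // Security subject that the element applies to
        subject = subject
    };
    aces.Add(tAce);

    // Update the list of security elements in the description
    sd.discrete.aces = aces.ToArray();
    // Flag of access permissions update
    sd.applyFlags = 0;
    // The description is submitted as not inherited
    sd.isInherited = false;

    // Operation execution parameters
    var setMbSec = new SetMbSec()
    {
        tArg = new SetMbSecArg()
        {
            // Operation execution pattern
            pattern = new MbSecMdPattern()
            {
                objects = true,
            },
            // Metadata where the modified security description of the object is specified
            meta = new MbSecMd()
            {
                objects = new MbObjects()
                {
                    ods = new Ods() { its = new Od[1] { od } },
                    sds = new Sds() { its = new Sd[1] { sd } }
                }
            },
            // Metadata to return after the operation, filtered to the changed object's key
            metaGet = new GetMbSecArg()
            {
                pattern = new MbSecMdPattern()
                {
                    objects = true,
                    objectsFilter = new MbSecOdFilter()
                    {
                        keys = new int[1] { (int)od.k }
                    }
                }
            }
        },
        // Repository moniker
        tMbSec = new MbId() { id = metabase.id }
    };

    // Change access permissions to the object
    var result = somClient.SetMbSec(setMbSec);
    return result;
}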

See also:

SetMbSec: Operation