Role: String;
Role: System.String;
The Role property determines the role of the Oracle DBMS, which is corresponded to this group of users.
The property is relevant only for domain groups of users. On adding a domain group, name of the group is specified in the repository security manager as the value of the Role property. If required, it can be changed.
Value of the Role property is used if the repository is entered by using domain authorization and security levels. On linking a domain user, which is missing in the repository security manager, entering of the user into the domain groups linked in the security manager, is checked. If the user is included into a domain group, correspondence of the role set for the group to the roles created on the DBMS server, is checked. If the server includes the specified role, the user is linked according to the security levels set for the group. Otherwise the appropriate error message is shown.
To execute the example, add links to the Metabase, ForeSystem (for the Fore.NET example) system assemblies.
Sub UserProc;
Var
MB: IMetabase;
MS: IMetabaseSecurity;
Search: ISecuritySubjectsSearch;
Subjects: ISecuritySubjects;
Subject: ISecuritySubject;
Lic: Object;
Begin
MB := MetabaseClass.Active;
// Check out license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
MS := MB.Security;
// Find domain group of users by parameters
Search := MS.NewSubjectsSearch;
Search.NameCriteria := "DOMAIN_GROUP";
Search.AreaIncludeDB := False;
Search.AreaIncludeNT := True;
Search.SubjectCriteria(SecuritySubjectType.Group) := True;
Search.ExecuteSearch;
Subjects := Search.Subjects; // found groups of users
If Subjects.Count > 0 Then
// Set parameters of domain group addition
MS.CurrentDomainSubjectAddState(SecuritySubjectType.Group) :=
DomainSubjectAddState.MakeExternalOn
Or DomainSubjectAddState.ManageDBGrantsOff;
// Add domain group
Subject := MS.AddNTSubject(Subjects.Item(0));
(Subject As IMetabaseGroup).Role := "GUEST";
// Save changes
MS.Apply;
End If;
// Check in license
Lic := Null;
End Sub UserProc;
Imports Prognoz.Platform.Interop.Metabase;
Imports Prognoz.Platform.Interop.ForeSystem;
…
Public Shared Sub Main(Params : StartParams);
Var
MB: IMetabase;
MS: IMetabaseSecurity;
Search: ISecuritySubjectsSearch;
Subjects: ISecuritySubjects;
Subject: ISecuritySubject;
Lic: Object;
Begin
MB := Params.Metabase;
// Check out license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.lftAdm);
MS := MB.Security;
// Find domain group of users by parameters
Search := MS.NewSubjectsSearch();
Search.NameCriteria := "DOMAIN_GROUP";
Search.AreaIncludeDB := False;
Search.AreaIncludeNT := True;
Search.SubjectCriteria[SecuritySubjectType.sstGroup] := True;
Search.ExecuteSearch();
Subjects := Search.Subjects; // found groups of users
If Subjects.Count > 0 Then
// Set parameters of domain group addition
MS.CurrentDomainSubjectAddState[SecuritySubjectType.sstGroup] :=
DomainSubjectAddState.dsasMakeExternalOn
Or DomainSubjectAddState.dsasManageDBGrantsOff;
// Add domain group
Subject := MS.AddNTSubject(Subjects.Item[0]);
(Subject As IMetabaseGroup).Role := "GUEST";
// Save changes
MS.Apply();
End If;
// Check in license
Lic := Null;
End Sub;
After executing the example, the DOMAIN_GROUP group will be searched among domain security subjects. If the group is found, it will be added to the list of the groups of repository security manager. The GUEST role will be determined for the group.
See also: