ESKMode: Boolean;
ESKMode: System.Boolean;
The ESKMode property determines whether it is possible to use compatibility mode to work with domain groups in Oracle DBMS.
The property is relevant only on working in repository based on Oracle DBMS. By default the property is set to False, in security manager only users can be added from domain. On setting to True, compatibility mode will be on that enables to add domain groups and to set up access permissions for it in a particular way. For details about granting permissions, see theDomain Authorization on Working With Oracle Server subsection.
To enable compatibility mode, the following conditions must be met:
Enable role distribution between information security administrator and application administrator.
To execute the example, add links to the Metabase, ForeSystem (for the Fore.NET example) system assemblies.
Sub UserProc;
Var
MB: IMetabase;
Security: IMetabaseSecurity;
Police: IMetabasePolicy;
MandatoryAccess: IMetabaseMandatoryAccess;
Category: ISecurityCategory;
Lic: Object;
Begin
MB := MetabaseClass.Active;
// Check out license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
Security := MB.Security;
Police := Security.Policy;
// Enable compatibility mode
Police.ESKMode := True;
//Enable mode of role distribution between information security administrator and application administrator
Police.PromoteToIsaMode(Security.ResolveName(MB.Id + "_ISA") As IMetabaseUser);
MandatoryAccess := Police.MandatoryAccess;
//Distribute access by levels
MandatoryAccess.IsSimple := True;
Category := MandatoryAccess.Category(0);
Category.AddLevel(1, "Guest");
Category.AddLevel(2, "AllAccess");
// Save changes
Security.Apply;
// Check in license
Lic := Null;
End Sub UserProc;
Imports Prognoz.Platform.Interop.Metabase;
Imports Prognoz.Platform.Interop.ForeSystem;
…
Public Shared Sub Main(Params: StartParams);
Var
MB: IMetabase;
Security: IMetabaseSecurity;
Police: IMetabasePolicy;
MandatoryAccess: IMetabaseMandatoryAccess;
Category: ISecurityCategory;
Lic: Object;
Begin
MB := Params.Metabase;
// Check out license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.lftAdm);
Security := MB.Security;
Police := Security.Policy;
// Enable compatibility mode
Police.ESKMode := True;
//Enable mode of role distribution between information security administrator and application administrator
Police.PromoteToIsaMode((Security.ResolveName(MB.Id + "_ISA") As IMetabaseUser), IsaModePromoteOptions.ismopropNone);
MandatoryAccess := Police.MandatoryAccess;
//Distribute access by levels
MandatoryAccess.IsSimple := True;
Category := MandatoryAccess.Category[0];
Category.AddLevel(1, "Guest");
Category.AddLevel(2, "AllAccess");
// Save changes
Security.Apply();
// Check in license
Lic := Null;
End Sub;
After executing the example the current repository security policy will be changed.
Mode of role distribution between information security administrator and application administrator will be enabled.
Compatibility mode required to work with domain groups will be enabled.
Mode of access by levels will be enabled and two security levels will be created.
See also: