IMetabasePolicy.MandatoryAccess

Syntax

MandatoryAccess: IMetabaseMandatoryAccess;

MandatoryAccess: Prognoz.Platform.Interop.Metabase.IMetabaseMandatoryAccess;

Description

The MandatoryAccess property returns settings of mandatory access of a security manager.

Comments

Use the SecurityDescriptor property to set access permissions to objects.

Example

To execute the example, add links to the Metabase, ForeSystem (for the Fore.NET example) system assemblies.

Sub UserProc;
Var
    MB: IMetabase;
    MS: IMetabaseSecurity;
    Policy: IMetabasePolicy;
    MAccess: IMetabaseMandatoryAccess;
    Cat: ISecurityCategory;
    Lvl: ISecurityLevel;
    Lic: Object;
Begin
    MB := MetabaseClass.Active;
    
// Check out license to work with security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
    MS := MB.Security;
    Policy := MS.Policy;
    
// Activate the use of mandatory access control method
    Policy.MandatoryAccessControl := True;
    MAccess := Policy.MandatoryAccess;
    
// Add security category with access levels
    Cat := MAccess.AddCategory("Category 1");
    Lvl := Cat.AddLevel(
0"Level 0");
    Lvl.Marking := 
True// Enable object marking
    Lvl := Cat.AddLevel(1"Level 1");
    Lvl.ExportAllowed := 
False// Disable object export
    Lvl := Cat.AddLevel(2"Level 2");
    Lvl.ExportAllowed := 
False// Disable object export
    Lvl.PrintAllowed := False// Disable object printing
    // Save changes
    MS.Apply;
    
// Check in license
    Lic := Null;
End Sub UserProc;

Imports Prognoz.Platform.Interop.Metabase;
Imports Prognoz.Platform.Interop.ForeSystem;

Public Shared Sub Main(Params: StartParams);
Var
    MB: IMetabase;
    MS: IMetabaseSecurity;
    Policy: IMetabasePolicy;
    MAccess: IMetabaseMandatoryAccess;
    Cat: ISecurityCategory;
    Lvl: ISecurityLevel;
    Lic: Object;
Begin
    MB := Params.Metabase;
    
// Check out license to work with security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.lftAdm);
    MS := MB.Security;
    Policy := MS.Policy;
    
// Activate the use of mandatory access control method
    Policy.MandatoryAccessControl := True;
    MAccess := Policy.MandatoryAccess;
    
// Add security category with access levels
    Cat := MAccess.AddCategory("Category 1");
    Lvl := Cat.AddLevel(
0"Level 0");
    Lvl.Marking := 
True// Enable object marking
    Lvl := Cat.AddLevel(1"Level 1");
    Lvl.ExportAllowed := 
False// Disable object export
    Lvl := Cat.AddLevel(2"Level 2");
    Lvl.ExportAllowed := 
False// Disable object export
    Lvl.PrintAllowed := False// Disable object printing
    // Save changes
    MS.Apply();
    
// Check in license
    Lic := Null;
End Sub;

After executing the example, in mandatory access control of security manager a new category will be created containing three security conditions. For each level different access parameters of export and print and also labels during export and print are assigned.

See also:

IMetabasePolicy