MandatoryAccess: IMetabaseMandatoryAccess;
MandatoryAccess: Prognoz.Platform.Interop.Metabase.IMetabaseMandatoryAccess;
The MandatoryAccess property returns settings of mandatory access of a security manager.
Use the SecurityDescriptor property to set access permissions to objects.
To execute the example, add links to the Metabase, ForeSystem (for the Fore.NET example) system assemblies.
Sub UserProc;
Var
MB: IMetabase;
MS: IMetabaseSecurity;
Policy: IMetabasePolicy;
MAccess: IMetabaseMandatoryAccess;
Cat: ISecurityCategory;
Lvl: ISecurityLevel;
Lic: Object;
Begin
MB := MetabaseClass.Active;
// Check out license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
MS := MB.Security;
Policy := MS.Policy;
// Activate the use of mandatory access control method
Policy.MandatoryAccessControl := True;
MAccess := Policy.MandatoryAccess;
// Add security category with access levels
Cat := MAccess.AddCategory("Category 1");
Lvl := Cat.AddLevel(0, "Level 0");
Lvl.Marking := True; // Enable object marking
Lvl := Cat.AddLevel(1, "Level 1");
Lvl.ExportAllowed := False; // Disable object export
Lvl := Cat.AddLevel(2, "Level 2");
Lvl.ExportAllowed := False; // Disable object export
Lvl.PrintAllowed := False; // Disable object printing
// Save changes
MS.Apply;
// Check in license
Lic := Null;
End Sub UserProc;
Imports Prognoz.Platform.Interop.Metabase;
Imports Prognoz.Platform.Interop.ForeSystem;
…
Public Shared Sub Main(Params: StartParams);
Var
MB: IMetabase;
MS: IMetabaseSecurity;
Policy: IMetabasePolicy;
MAccess: IMetabaseMandatoryAccess;
Cat: ISecurityCategory;
Lvl: ISecurityLevel;
Lic: Object;
Begin
MB := Params.Metabase;
// Check out license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.lftAdm);
MS := MB.Security;
Policy := MS.Policy;
// Activate the use of mandatory access control method
Policy.MandatoryAccessControl := True;
MAccess := Policy.MandatoryAccess;
// Add security category with access levels
Cat := MAccess.AddCategory("Category 1");
Lvl := Cat.AddLevel(0, "Level 0");
Lvl.Marking := True; // Enable object marking
Lvl := Cat.AddLevel(1, "Level 1");
Lvl.ExportAllowed := False; // Disable object export
Lvl := Cat.AddLevel(2, "Level 2");
Lvl.ExportAllowed := False; // Disable object export
Lvl.PrintAllowed := False; // Disable object printing
// Save changes
MS.Apply();
// Check in license
Lic := Null;
End Sub;
After executing the example, in mandatory access control of security manager a new category will be created containing three security conditions. For each level different access parameters of export and print and also labels during export and print are assigned.
See also: