MethodsCombineAlgorithm: ControlMethodsCombineAlgorithm;
MethodsCombineAlgorithm: Prognoz.Platform.Interop.Metabase.ControlMethodsCombineAlgorithm;
The MethodsCombineAlgorithm property determines permission combination algorithm by attribute-based and discretionary access control method.
The property is relevant if attribute-based and discretionary access control methods are used simultaneously.
To execute the example, add links to the Metabase, ForeSystem (for the Fore.NET example) system assemblies.
Sub UserProc;
Var
MB: IMetabase;
MS: IMetabaseSecurity;
Lic: Object;
Begin
MB := MetabaseClass.Active;
// Check out license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
MS := MB.Security;
// Activate the use of discretionary and attribute-based access control
MS.Policy.DiscretionaryAccessControl := True;
MS.Policy.AttributeBasedAccessControl := True;
// Install the OR combination algorithm
MS.Policy.MethodsCombineAlgorithm := ControlMethodsCombineAlgorithm.Permit;
// Save changes
MS.Apply;
// Check in license
Lic := Null;
End Sub UserProc;
Imports Prognoz.Platform.Interop.Metabase;
Imports Prognoz.Platform.Interop.ForeSystem;
…
Public Shared Sub Main(Params: StartParams);
Var
MB: IMetabase;
MS: IMetabaseSecurity;
Lic: Object;
Begin
MB := Params.Metabase;
// Check out license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.lftAdm);
MS := MB.Security;
// Activate the use of discretionary and attribute-based access control
MS.Policy.DiscretionaryAccessControl := True;
MS.Policy.AttributeBasedAccessControl := True;
// Install the OR combination algorithm
MS.Policy.MethodsCombineAlgorithm := ControlMethodsCombineAlgorithm.cmcaPermit;
// Save changes
MS.Apply();
// Check in license
Lic := Null;
End Sub;
After executing the example the use of discretionary and attribute-based access control methods will be activated and the OR permission combination algorithm is set.
When the combination algorithm is set:
If at least one access control method has allowed operation and access permissions are not defined for another method, the operation will be allowed as a result.
If the operation is denied for one of access control methods, the operation is denied.
See also: