RestrictUserDeletion: Boolean;
RestrictUserDeletion: System.Boolean;
The RestrictUserDeletion property determines whether application administrator is prohibited to delete users who has any access permissions on repository objects.
This property is relevant to use for distributing roles between information security administrator (ISA) and application administrator (AA).
By default the property is set to False. If the value is True, the application administrator cannot delete a user who has any rights on repository objects. On attempt to delete a relevant message is displayed. To delete this user it is necessary to remove access permissions.
To change property value the user who makes setting should has a privilege "Change a security label and a list of access control of any object".
To execute the example, activate the role separation mode between ISA and AA in security manager.
Add links to the Metabase, ForeSystem (for the Fore.NET example) system assemblies.
Sub UserProc;
Var
MB: IMetabase;
MS: IMetabaseSecurity;
Policy: IMetabasePolicy;
Lic: Object;
Begin
MB := MetabaseClass.Active;
// Check out license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
MS := MB.Security;
Policy := MS.Policy;
// Prohibit to application administrator to delete users
Policy.RestrictUserDeletion := True;
// Save changes
MS.Apply;
// Check in license
Lic := Null;
End Sub UserProc;
Imports Prognoz.Platform.Interop.Metabase;
Imports Prognoz.Platform.Interop.ForeSystem;
…
Public Shared Sub Main(Params: StartParams);
Var
MB: IMetabase;
MS: IMetabaseSecurity;
Policy: IMetabasePolicy;
Lic: Object;
Begin
MB := Params.Metabase;
// Check out license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.lftAdm);
MS := MB.Security;
Policy := MS.Policy;
// Prohibit to application administrator to delete users
Policy.RestrictUserDeletion := True;
// Save changes
MS.Apply();
// Check in license
Lic := Null;
End Sub;
After executing this example if AA tries to delete the use who has any access permissions on repository objects a relevant message is displayed.
See also: