IMetabasePolicy.RestrictUserDeletion

Syntax

RestrictUserDeletion: Boolean;

RestrictUserDeletion: System.Boolean;

Description

The RestrictUserDeletion property determines whether application administrator is prohibited to delete users who has any access permissions on repository objects.

Comments

This property is relevant to use for distributing roles between information security administrator (ISA) and application administrator (AA).

By default the property is set to False. If the value is True, the application administrator cannot delete a user who has any rights on repository objects. On attempt to delete a relevant message is displayed. To delete this user it is necessary to remove access permissions.

To change property value the user who makes setting should has a privilege "Change a security label and a list of access control of any object".

Example

To execute the example, activate the role separation mode between ISA and AA in security manager.

Add links to the Metabase, ForeSystem (for the Fore.NET example) system assemblies.

Sub UserProc;
Var 
    MB: IMetabase;
    MS: IMetabaseSecurity;
    Policy: IMetabasePolicy;
    Lic: Object;
Begin
    MB := MetabaseClass.Active;
    
// Check out license to work with security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
    MS := MB.Security;
    Policy := MS.Policy;
    
// Prohibit to application administrator to delete users
    Policy.RestrictUserDeletion := True;
    
// Save changes
    MS.Apply;
    
// Check in license
    Lic := Null;
End Sub UserProc;

Imports Prognoz.Platform.Interop.Metabase;
Imports Prognoz.Platform.Interop.ForeSystem;

Public Shared Sub Main(Params: StartParams);
Var 
    MB: IMetabase;
    MS: IMetabaseSecurity;
    Policy: IMetabasePolicy;
    Lic: Object;
Begin
    MB := Params.Metabase;
    
// Check out license to work with security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.lftAdm);
    MS := MB.Security;
    Policy := MS.Policy;
    
// Prohibit to application administrator to delete users
    Policy.RestrictUserDeletion := True;
    
// Save changes
    MS.Apply();
    
// Check in license
    Lic := Null;
End Sub;

After executing this example if AA tries to delete the use who has any access permissions on repository objects a relevant message is displayed.

See also:

IMetabasePolicy