MetabaseClassesSecurityDescriptors: IMetabaseClassesSecurityDescriptors;
MetabaseClassesSecurityDescriptors: Prognoz.Platform.Interop.Metabase.IMetabaseClassesSecurityDescriptors;
The MetabaseClassesSecurityDescriptors property returns security parameters of object type.
The property is relevant on setting up discretionary access control in access control settings for object type. Effective Permissions for object are calculated taking into account discretionary permissions configured for object type.
To execute the example make sure that security manager contains the USER user and administrator is allowed to execute all operations with theTable object type on setting up parameters of access control on the Discretionary Access Control window.
Add links to the Metabase, ForeSystem (for Fore.NET example) system assemblies.
Sub UserProc;
Var
MB: IMetabase;
SecDescrs: IMetabaseClassesSecurityDescriptors;
ClassSecDescr: IMetabaseClassSecurityDescriptor;
MS: IMetabaseSecurity;
SecDescr: ISecurityDescriptor;
Lic: Object;
Type: AceType;
Sid: ISid;
Begin
MB := MetabaseClass.Active;
// Check out license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
MS := MB.Security;
// Get security parameters of the Table object type
SecDescrs := MS.MetabaseClassesSecurityDescriptors;
ClassSecDescr := SecDescrs.Add(MetabaseObjectClass.KE_CLASS_TABLE);
SecDescr := ClassSecDescr.Descriptor;
SecDescr.Edit;
// Deny any operations with tables to the USER user
Type := AceType.AccessDenied;
Sid := MB.Security.ResolveName("USER").Sid;
SecDescr.Acl.AddAce(Type, Sid, MetabaseObjectPredefinedRights.All);
SecDescr.Apply(False);
// Save changes
MS.Apply;
// Check in license
Lic := Null;
End Sub UserProc;
Imports Prognoz.Platform.Interop.Metabase;
Imports Prognoz.Platform.Interop.ForeSystem;
…
Public Shared Sub Main(Params: StartParams);
Var
MB: IMetabase;
SecDescrs: IMetabaseClassesSecurityDescriptors;
ClassSecDescr: IMetabaseClassSecurityDescriptor;
MS: IMetabaseSecurity;
SecDescr: ISecurityDescriptor;
Lic: Object;
Type: AceType;
Sid: MetabaseSid;
Begin
MB := Params.Metabase;
// Check out license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.lftAdm);
MS := MB.Security;
// Get security parameters of the Table object type
SecDescrs := MS.MetabaseClassesSecurityDescriptors;
ClassSecDescr := SecDescrs.Add(MetabaseObjectClass.KE_CLASS_TABLE);
SecDescr := ClassSecDescr.Descriptor;
SecDescr.Edit();
// Deny any operations with tables to the USER user
Type := AceType.aceAccessDenied;
Sid := MB.Security.ResolveName("USER").Sid;
SecDescr.Acl.AddAce(Type, Sid, 1);
SecDescr.Apply(False);
// Save changes
MS.Apply();
// Check in license
Lic := Null;
End Sub;
After executing the example the USER user will be forbidden to do any operations with tables.
See also: