To report a found bug,
please, select the text with the bug and click Report a Bug or
CTRL+ENTER.
Help
system 9.2 Update 9 of 11/09/2020,
©
FORESIGHT
ManageDBGrants: Boolean;
ManageDBGrants: System.Boolean;
The ManageDBGrants property determines whether the current user will be given the rights on the DBMS level.
This property is available for changing only when a new user is created in the repository.
If the property is set to True, the appropriate grants will be given to the user on the DBMS server after creation of the user in the repository and change of his privileges or giving the rights to the repository objects.
If the property is set to False, the appropriate grants will not be given to the user on the DBMS server after creation of the user in the repository and change of his privileges or giving the rights to the repository objects. This option is relevant if the created user is connected from the server and already has some grants to the platform objects.
Executing the example requires the GROUP domain with the TESTER user. The user is created on DB server and is granted permissions for specific objects of the current repository.
Add links to the Metabase, ForeSystem (for the Fore.NET example) system assemblies.
Sub UserProc;
Var
MB: IMetabase;
MBSec: IMetabaseSecurity;
SubSearch: ISecuritySubjectsSearch;
Subjects: ISecuritySubjects;
Subject: ISecuritySubject;
Lic: Object;
Begin
MB := MetabaseClass.Active;
// Get license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
MBSec := MB.Security;
// Set parameters for adding domain users
MB.CurrentDomainSubjectAddState(SecuritySubjectType.User) :=
DomainSubjectAddState.MakeExternalOff
Or DomainSubjectAddState.ManageDBGrantsOn
Or DomainSubjectAddState.Keep;
// Set object to search for domain users
SubSearch := MBSec.NewSubjectsSearch;
SubSearch.NameCriteria := "GROUP\TESTER";
SubSearch.AreaIncludeDB := False;
SubSearch.AreaIncludeNT := True;
SubSearch.SubjectCriteria(SecuritySubjectType.User) := True;
SubSearch.ExecuteSearch;
// Change parameters of found user
Subjects := SubSearch.Subjects;
Debug.WriteLine(Subjects.Count);
If Subjects.Count > 0 Then
Subject := Subjects.Item(0);
Subject := MBSec.AddNTSubject(Subject);
// Change parameters of added domain user
// These parameters do not correspond with the parameters that
// were set in the CurrentDomainSubjectAddState property
(Subject As IMetabaseUser).External := True;
(Subject As IMetabaseUser).ManageDBGrants := False;
// Save changes
MBSec.Apply;
// Release license
Lic := Null;
End If;
End Sub UserProc;
Imports Prognoz.Platform.Interop.Metabase;
Imports Prognoz.Platform.Interop.ForeSystem;
…
Public Shared Sub Main(Params: StartParams);
Var
MB: IMetabase;
MBSec: IMetabaseSecurity;
SubSearch: ISecuritySubjectsSearch;
Subjects: ISecuritySubjects;
Subject: ISecuritySubject;
Lic: Object;
Begin
MB := Params.Metabase;
// Get license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.lftAdm);
MBSec := MB.Security;
// Set parameters for adding domain users
MB.CurrentDomainSubjectAddState[SecuritySubjectType.sstUser] :=
DomainSubjectAddState.dsasMakeExternalOff
Or DomainSubjectAddState.dsasManageDBGrantsOn
Or DomainSubjectAddState.dsasKeep;
// Set object to search for domain users
SubSearch := MBSec.NewSubjectsSearch();
SubSearch.NameCriteria := "GROUP\TESTER";
SubSearch.AreaIncludeDB := False;
SubSearch.AreaIncludeNT := True;
SubSearch.SubjectCriteria[SecuritySubjectType.sstUser] := True;
SubSearch.ExecuteSearch();
// Change parameters of found user
Subjects := SubSearch.Subjects;
If Subjects.Count > 0 Then
Subject := Subjects.Item[0];
Subject := MBSec.AddNTSubject(Subject);
// Change parameters of added domain user
// These parameters do not correspond with the parameters that
// were set earlier in the CurrentDomainSubjectAddState property
(Subject As IMetabaseUser).External := True;
(Subject As IMetabaseUser).ManageDBGrants := False;
// Save changes
MBSec.Apply();
// Release license
Lic := Null;
End If;
End Sub;
After executing the example, the GROUP\TESTER domain user is searched for. If the user name is found, it is added to the repository users list. On adding the user name the user is assigned the characteristic of the one connected from server. In the process of the distribution of privileges and objects access permissions the according rights are not granted to the user.
See also: