ISecurityDescriptor.ApplyO

Syntax

ApplyO(Options: SecurityDescriptorApplyFlags);

ApplyO(Prognoz.Platform.Interop.Metabase.SecurityDescriptorApplyFlags);

Parameters

Options. Element of the SecurityDescriptorApplyFlags enumeration that determines the way rights to a current object will be applied.

Description

The ApplyO method escapes from the edit mode saving changes of the object security parameters and determines if the new security parameters are applied for the internal objects and for objects, for which the indicator of deferred description loading was set.

Comments

An example of an inner object is an inner model that is included in a chain of metamodel calculation. An example of creation of an inner model is in description of the IMsCalculationChainEntries.AddExclusiveModel method.

Applying rights by hierarchy rights on inner objects and objects the mark deferred description loading is assigned are not applied.

Example

To execute the example, make sure that the security manager contains the USER user, the object navigator contains an object with the OBJECT identifier. The object contains child objects, for example, a modeling container.

Add links to the Metabase, ForeSystem (for the Fore.NET example) system assemblies.

Sub UserProc;
Var
    MB: IMetabase;
    ObjDesc: IMetabaseObjectDescriptor;
    SecDesc: ISecurityDescriptor;
    AcessCL: IAccessControlList;
    ACE: IAccessControlEntry;
    Sec: IMetabaseSecurity;
    SS: ISecuritySubject;
    Sid: ISid;
    Lic: Object;
Begin
    MB := MetabaseClass.Active;
    // Check out license to work with security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.Adm); 
    ObjDesc := MB.ItemById("OBJECT");
    SecDesc := ObjDesc.SecurityDescriptor;
    Sec := MB.Security;
    SS := Sec.ResolveName("USER");
    Sid := SS.Sid;
    SecDesc.Edit;
    AcessCL := SecDesc.Acl;
    ACE := AcessCL.AddAce(AceType.AccessAllowed, Sid, 131071);
    SecDesc.ApplyO(SecurityDescriptorApplyFlags.ToInternal);
    // Save changes
    Sec.Apply;
    // Check in license
    Lic := Null;
End Sub UserProc;

Imports Prognoz.Platform.Interop.Metabase;
Imports Prognoz.Platform.Interop.ForeSystem;

Public Shared Sub Main(Params : StartParams);
Var
    MB: IMetabase;
    ObjDesc: IMetabaseObjectDescriptor;
    SecDesc: ISecurityDescriptor;
    AcessCL: IAccessControlList;
    ACE: IAccessControlEntry;
    Sec: IMetabaseSecurity;
    SS: ISecuritySubject;
    Sid: ISid;
    Lic: Object;
Begin
    MB := Params.Metabase;
    // Check out license to work with security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.lftAdm);
    ObjDesc := MB.ItemById["OBJECT"];
    SecDesc := ObjDesc.SecurityDescriptor;
    Sec := MB.Security;
    SS := Sec.ResolveName("USER");
    Sid := SS.Sid;
    SecDesc.Edit();
    AcessCL := SecDesc.Acl;
    ACE := AcessCL.AddAce(AceType.aceAccessAllowed, Sid, 131071);
    SecDesc.ApplyO(SecurityDescriptorApplyFlags.sdafToInternal);
    // Save changes
    Sec.Apply();
    // Check in license
    Lic := Null;
End Sub;

After executing the example the user is added in parameters of access control for the specified object and for all child objects. Permissions in accordance with the "131071" mask (Full Access) are set for it in additional parameters.

See also:

ISecurityDescriptor