ISecurityDescriptor.GetEffectiveRights

Syntax

GetEffectiveRights(Subject: ISecuritySubject): Integer;

Parameters

Subject. Security subject, for which effective access permissions should be calculated.

Description

The GetEffectiveRights method calculates the effective access permissions of the specified security subject to the repository object.

Comments

On calculating effective permissions the selected access control methods is made for it. If discretionary access control is used, then for a specific object type permissions by classes are calculated in addition.

The effective rights includes all operation for which the explicit permission was set for the user. The value that this method returns, is an access mask. Mask value is 4-byte binary number converted to decimal form. It is necessary to use a value of the MetabaseObjectPredefinedRights enumeration to check a value of the mask. This enumeration contains main and additional operations to which it is possible to give rights. The specific operations are available for defined classes of objects. Values of the following enumerations can be used to check specific operations depending on the object class:

Basic, additional and specific operations available for specified objects types are shown in the Types of Events section.

To analyze a mask value it is necessary to implement a custom function that enables the comparison of separate mask bits with relevant enumerations values. The example of work with access mask is shown in the Working with Access Mask section.

Example

Executing the example requires that the repository contains an object with the Obj_1 identifier. There is the TestUser user among the security subjects that were created in the security manager of the current repository.

Sub UserProc;
Var
    MB: IMetabase;
    MDesc: IMetabaseObjectDescriptor;
    SecDesc: ISecurityDescriptor;
    Subj: ISecuritySubject;
    i: Integer;
Begin
    MB := MetabaseClass.Active;
    Subj := MB.Security.ResolveName("TestUser");
    MDesc := MB.ItemById("Obj_1");
    SecDesc := MDesc.SecurityDescriptor;
    i := SecDesc.GetEffectiveRights(Subj);
End Sub UserProc;

After executing this example the "i" variable contains a value that corresponds to the effective rights that were given to the specified user to the Obj_1 object.

See also:

ISecurityDescriptor