Controlling Access Permissions to Attributes

Executing the example requires an MDM dictionary with the RDS_DICT identifier. The dictionary should contain a custom attribute with the USERATTRIBUT identifier.

The list of platform access subjects must include two additional users (except for the basic ADMIN user and ADMINISTRATORS group). The dictionary should have security labels created for additional users.

Example

Add links to the Metabase, Rds system assemblies.

Sub UserProc;
Var
    MB: IMetabase;
    MObj: IMetabaseObject;
    Dict: IRdsDictionary;
    Attrs: IRdsAttributes;
    Attr: IRdsAttribute;
    SecLab: ISecurityLabels;
    Admin, User1, User2: ISecuritySubject;
Begin
    MB := MetabaseClass.Active;
    // Get MDM dictionary
    MObj := MB.ItemById("RDS_DICT").Edit;
    Dict := MObj As IRdsDictionary;
    SecLab := MObj.SecurityDescriptor.LabelSecurity;
    // Users
    Admin := SecLab.Mapping(0); //The Admin user
    User1 := SecLab.Mapping(2); //The first additional user
    User2 := SecLab.Mapping(3); //The second additional user
    // Permissions for the Name attribute
    Attrs := Dict.Attributes;
    Attr := Attrs.Name;
    Attr.ReadAccess := SecLab.Value(Admin) + SecLab.Value(User1);
    Attr.WriteAccess := SecLab.Value(User1) + SecLab.Value(User2);
    // Permissions for the USERATTRIBUT custom attribute
    Attr := Attrs.FindById("USERATTRIBUT");
    Attr.ReadAccess := SecLab.Value(Admin) + SecLab.Value(User2);
    Attr.WriteAccess := SecLab.Value(User2);
    // Save changes
    MObj.Save;
End Sub UserProc;

After executing the example access permissions for the Name and USERATTRIBUT attributes are changed in the dictionary. Permissions for the Name attribute: read - ADMIN user and the first additional user; write - the second and third additional users. Permissions for the USERATTRIBUT attribute: read - ADMIN user and the second additional user; write - the second additional user.

See also:

Examples