ESKMode: Boolean;
The ESKMode property determines whether it is possible to use compatibility mode to work with domain groups in Oracle DBMS.
The property is relevant only on working in repository based on Oracle DBMS. The property is set to False by default, only users can be added from domain in the security manager. When the value is set to True, the compatibility mode will be enabled, which enables the user to add domain groups and to set up access permissions for it in a particular way. For details about granting permissions, see the Domain Authorization on Working with Oracle Server subsection.
To execute the example, add a link to the Metabase system assembly.
Sub UserProc;
Var
MB: IMetabase;
Security: IMetabaseSecurity;
Police: IMetabasePolicy;
MandatoryAccess: IMetabaseMandatoryAccess;
Category: ISecurityCategory;
Lic: Object;
Begin
MB := MetabaseClass.Active;
// Check out license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
Security := MB.Security;
Police := Security.Policy;
// Enable compatibility mode
Police.ESKMode := True;
//Enable mode of roles separation between the information security administrator and the application administrator
Police.PromoteToIsaMode(Security.ResolveName(MB.Id + "_ISA") As IMetabaseUser);
MandatoryAccess := Police.MandatoryAccess;
//Separate access by levels
MandatoryAccess.IsSimple := True;
Category := MandatoryAccess.Category(0);
Category.AddLevel(1, "Guest");
Category.AddLevel(2, "AllAccess");
// Save changes
Security.Apply;
// Check in license
Lic := Null;
End Sub UserProc;
After executing the example the current repository security policy will be changed.
The roles separation mode between the information security administrator and the application administrator will be enabled.
The compatibility mode required to work with domain groups will be enabled.
The mode of access by levels will be enabled and two security levels will be created.
See also: