To report a found bug,
please select the text with the bug and click Report a Bug
or CTRL+ENTER.
Help
system 10.9 of 26/11/2025,
©
FORESIGHT
ESKMode: Boolean;
The ESKMode property determines whether it is possible to use compatibility mode to work with domain groups in Oracle DBMS.
The property is relevant only when working in repository based on Oracle DBMS.
The property is set to False by default, and one can add only users in the security manager from domain.
When the property is set to True, and information security administrator (ISA) and application administrator roles are not separated, the compatibility mode will be enabled, which enables the user to add domain groups and to set up access permissions for it in a particular way in the security manager. For details about granting permissions, see the Domain Authorization on Working with Oracle Server subsection. If roles are separated between the information security administrator and the application administrator, only the information security administrator has always the permissions to add domain groups. If it is required that another user can also add domain groups, he should be given additional privileges - Creating and Deleting Users and Changing User Permissions, Distributing Roles, Changing Policy.
To execute the example, add a link to the Metabase system assembly.
Sub UserProc;
Var
MB: IMetabase;
Security: IMetabaseSecurity;
Police: IMetabasePolicy;
MandatoryAccess: IMetabaseMandatoryAccess;
Category: ISecurityCategory;
Lic: Object;
Begin
MB := MetabaseClass.Active;
// Check out license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
Security := MB.Security;
Police := Security.Policy;
// Enable compatibility mode
Police.ESKMode := True;
//Enable mode of roles separation between the information security administrator and the application administrator
Police.PromoteToIsaMode(Security.ResolveName(MB.Id + "_ISA") As IMetabaseUser);
MandatoryAccess := Police.MandatoryAccess;
//Separate access by levels
MandatoryAccess.IsSimple := True;
Category := MandatoryAccess.Category(0);
Category.AddLevel(1, "Guest");
Category.AddLevel(2, "AllAccess");
// Save changes
Security.Apply;
// Check in license
Lic := Null;
End Sub UserProc;
After executing the example the current repository security policy is changed.
The roles separation mode between the information security administrator and the application administrator is enabled.
The compatibility mode required to work with domain groups is enabled.
The mode of access by levels is enabled and two security levels are created.
See also: