IABACEngine

Description

The IABACEngine interface is used to calculate the specified attribute-based access control policy, which results in the determined subject access to object.

Comments

It is used to create the attribute-based access control that is not connected with general security policy.

To get result of subject access to object:

  1. Use the ABACEngine class to further determine methods of the IABACEngine interface.

  2. Set mandatory mathods: IABACEngine.SetEnvironment, IABACEngine.SetParams, IABACEngine.SetPolicy.

  3. Set the operation, by which subject access to object is determined, using the IABACEngine.Evaluate method.

After executing the operations the IABACEngine.Evaluate method returns result of calculating subject access to object. For example, the USER user is allowed to read an object with the OBJ identifier.

Methods

  Method name Brief description
Evaluate The Evaluate method returns result of subject access to object.
SetCallback The SetCallback method sets the function that determines attribute value if subject or object attribute is not determined.
SetEnvironment The SetEnvironment method sets the collection of environment attributes.
SetOperations The SetOperations method sets attribute value in the objective if the OPERATION environment attribute is used with the IN condition.
SetParams The SetParams method sets the collection of attributes of the subject and object, for which attribute-based access control is determined.
SetPolicy The SetPolicy method sets attribute-based access control policy.

See also:

ABAC Assembly Interfaces