CombineAlgorithm: ABACCombineAlgorithm;
The CombineAlgorithm property determines a combination algorithm of policies set.
To execute the example, add links to the ABAC and Metabase system assemblies.
Sub UserProc;
Var
PolicyObject: IABACRootPolicyObject;
PolicySet: IABACPolicySet;
MB: IMetabase;
MS: IMetabaseSecurity;
Lic: Object;
Begin
MB := MetabaseClass.Active;
// Get license to be able to work with the security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
MS := MB.Security;
// Activate the use of attribute-based access control
MS.Policy.AttributeBasedAccessControl := True;
// Clear attribute-based access control structure
PolicyObject := MB.Security.Policy.ABACRules;
PolicyObject.Policies.Clear;
// Add a policies set
PolicySet := PolicyObject.Policies.Add;
PolicySet.Active := True;
PolicySet.CombineAlgorithm := ABACCombineAlgorithm.PermitOverride;
PolicySet.Description(MB.CurrentLocale) := "Test policies set";
PolicySet.Id := "POLICY_SET";
PolicySet.Name(MB.CurrentLocale) := "Policies set";
// Set policies set objective
PolicySet.Target.AttributeId := "OPERATION";
PolicySet.Target.Operation := ABACTargetOperation.Equal;
PolicySet.Target.AttributeValue := 2;
// Apply changes in security manager
MS.Apply;
// Check in license
Lic := Null;
End Sub UserProc;
After executing the example the security manager activates the use of attribute-based access control, in which a policies set with the specified parameters is added and activated:
See also: