SecondAttrId: String;
The SecondAttrId property determines a value as a custom attribute to compare with the specified attribute.
The property is relevant for comparing of custom attributes of subjects or objects. The first attribute is set using the IABACTarget.AttributeId property. The second attribute is set using the SecondAttrId property and automatically sends value as a custom attribute to the IABACTarget.AttributeValue property.
To execute the example, make sure that attribute-based access control structure contains a policies set.
Add links to the ABAC and Metabase system assemblies.
Sub UserProc;
Var
PolicyObject: IABACRootPolicyObject;
PolicySet: IABACPolicySet;
Policy: IABACPolicy;
MB: IMetabase;
MS: IMetabaseSecurity;
Lic: Object;
Begin
MB := MetabaseClass.Active;
// Get license to be able to work with the security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
MS := MB.Security;
// Get attribute-based access control
PolicyObject := MB.Security.Policy.ABACRules;
// Add a policy in the first policies set
PolicySet := PolicyObject.Policies.Item(0);
Policy := PolicySet.Policies.Add;
Policy.Name(MB.CurrentLocale) := "Test policy";
// Set policy objective
Policy.Target.AttributeId := "SUBJECT.CUSTOM_ATTR1";
Policy.Target.Operation := ABACTargetOperation.Equal;
Policy.Target.SecondAttrId := "OBJECT.CUSTOM_ATTR2";
// Apply changes in security manager
MS.Apply;
// Check in license
Lic := Null;
End Sub UserProc;
After executing the example the policy with the specified objective is added to the first policies set. The attribute-based access control structure will look as follows:
See also: