AccessAttribute(AttributeKey: Integer): String;
AttributeKey. Key of access attribute, by which it is necessary to find out a security label. As a parameter value, pass key of one of the basic attributes: READACCESS, WRITEACCESS, DELETEACCESS, or ACCESSACCESS.
The AccessAttribute property determines a security label by access attribute, which key is passed by the AttributeKey parameter.
Security label is defined in a string mode. This property is used if access is distributed for more than 32 security subjects.
The example of working with a security label is given in the Controlling Access Permissions to Elements subsection.
Executing the example requires an MDM repository that contains an MDM dictionary with the Dict_1 identifier. Control of access permissions is enabled for dictionary elements. There is the user User_1 in a list of security subjects that have access to a dictionary.
Sub UserProc;
Var
MB: IMetabase;
MObj: IMetabaseObject;
LabelSec: ISecurityLabels;
Dict: IRdsDictionary;
Attrs: IRdsAttributes;
DictInst: IRdsDictionaryInstance;
Element: IRdsDictionaryElement;
Data: IRdsDictionaryElementData;
Subject, Maping: ISecuritySubject;
i: Integer;
AttributeValue: IAccessAttributeValue;
Begin
MB := MetabaseClass.Active;
MObj := MB.ItemById("Dict_1").Bind;
LabelSec := MObj.SecurityDescriptor.LabelSecurity;
Subject := Mb.Security.ResolveName("User_1");
//Find bit associated with the user
For i := 0 To LabelSec.BitCount - 1 Do
Maping := LabelSec.Mapping(i);
If Maping <> Null Then
If Maping.Sid.AsString = Subject.Sid.AsString Then
Break;
End If;
End If;
End For;
//Change permissions to the element for the specified user
Dict := MObj As IRdsDictionary;
Attrs := Dict.Attributes;
DictInst := Dict.Open(Null);
Element := DictInst.Elements.Item(1);
Data := Element.Data;
//Create access attribute
AttributeValue := New AccessAttributeValue.Create(LabelSec.BitCount, Data.AccessAttribute(Attrs.DeleteAccess.Key));
//Change user permissions
AttributeValue.Value(i) := True; //False, if necessary to take permission to delete
//Set new permissions
Data.AccessAttribute(Attrs.DeleteAccess.Key) := AttributeValue.ToString;
Element.Update(Data);
End Sub UserProc;
After executing the example access permissions to the first element of the dictionary are updated. Permission to delete element is set for the first user.
See also: