IRdsDictionaryElementData.AccessAttribute

Syntax

AccessAttribute(AttributeKey: Integer): String;

Parameters

AttributeKey. Key of access attribute, by which it is necessary to find out a security label. As a parameter value, pass key of one of the basic attributes: READACCESS, WRITEACCESS, DELETEACCESS, or ACCESSACCESS.

Description

The AccessAttribute property determines a security label by access attribute, which key is passed by the AttributeKey parameter.

Comments

Security label is defined in a string mode. This property is used if access is distributed for more than 32 security subjects.

The example of working with a security label is given in the Controlling Access Permissions to Elements subsection.

Example

Executing the example requires an MDM repository that contains an MDM dictionary with the Dict_1 identifier. Control of access permissions is enabled for dictionary elements. There is the user User_1 in a list of security subjects that have access to a dictionary.

Sub UserProc;
Var
    MB: IMetabase;
    MObj: IMetabaseObject;
    LabelSec: ISecurityLabels;
    Dict: IRdsDictionary;
    Attrs: IRdsAttributes;
    DictInst: IRdsDictionaryInstance;
    Element: IRdsDictionaryElement;
    Data: IRdsDictionaryElementData;
    Subject, Maping: ISecuritySubject;
    i: Integer;
    AttributeValue: IAccessAttributeValue;
Begin
    MB := MetabaseClass.Active;
    MObj := MB.ItemById("Dict_1").Bind;
    LabelSec := MObj.SecurityDescriptor.LabelSecurity;
    Subject := Mb.Security.ResolveName("User_1");
    //Find bit associated with the user
    For i := 0 To LabelSec.BitCount - 1 Do
        Maping := LabelSec.Mapping(i);
        If Maping <> Null Then
            If Maping.Sid.AsString = Subject.Sid.AsString Then
                Break;
            End If;
        End If;
    End For;
    //Change permissions to the element for the specified user
    Dict := MObj As IRdsDictionary;
    Attrs := Dict.Attributes;
    DictInst := Dict.Open(Null);
    Element := DictInst.Elements.Item(1);
    Data := Element.Data;
    //Create access attribute
    AttributeValue := New AccessAttributeValue.Create(LabelSec.BitCount, Data.AccessAttribute(Attrs.DeleteAccess.Key));
    //Change user permissions
    AttributeValue.Value(i) := True; //False, if necessary to take permission to delete
    //Set new permissions
    Data.AccessAttribute(Attrs.DeleteAccess.Key) := AttributeValue.ToString;
    Element.Update(Data);
End Sub UserProc;

After executing the example access permissions to the first element of the dictionary are updated. Permission to delete element is set for the first user.