To report a found bug,
please, select the text with the bug and click Report a Bug or
CTRL+ENTER.
Help
system 10.4 of 09/07/2024,
©
FORESIGHT
Executing the example requires an MDM dictionary with the RDS_DICT identifier. Access permissions option of elements is enabled for the dictionary. Two users are included in the list of access subjects except for the basic user Admin and the Administrators group. Security labels 2 and 3 are correlated to them. These users are not included in the group of administrators.
Add links to the Metabase, Rds system assemblies.
Sub UserProc;
Var
MB: IMetabase;
MObj: IMetabaseObject;
Dict: IRdsDictionary;
Attrs: IRdsAttributes;
DictInst: IRdsDictionaryInstance;
Elements: IRdsDictionaryElements;
Element: IRdsDictionaryElement;
Data: IRdsDictionaryElementData;
SecLab: ISecurityLabels;
User, User1, User2: ISecuritySubject;
Begin
MB := MetabaseClass.Active;
// Get MDM dictionary
MObj := MB.ItemById("RDS_DICT").Bind;
Dict := MObj As IRdsDictionary;
// Get list of attributes
Attrs := Dict.Attributes;
// Open dictionary
DictInst := Dict.Open(Null);
Elements := DictInst.Elements;
// Get the first element, for which permissions will be granted
Element := Elements.Item(1);
Data := Element.Data;
// Security subjects
SecLab := MObj.SecurityDescriptor.LabelSecurity;
User := SecLab.Mapping(0); // Admin
User1 := SecLab.Mapping(2); // The first additional user
User2 := SecLab.Mapping(3); // The second additional user
// Grant permissions
Data.AccessAttribute(Attrs.AccessAccess.Key) := SecLab.ValueStr(User);
Data.AccessAttribute(Attrs.DeleteAccess.Key) := (SecLab.Value(User) + SecLab.Value(User1)).ToString;
Data.AccessAttribute(Attrs.ReadAccess.Key) := (SecLab.Value(User) + SecLab.Value(User1) + SecLab.Value(User2)).ToString;
Data.AccessAttribute(Attrs.WriteAccess.Key) := (SecLab.Value(User) + SecLab.Value(User2)).ToString;
// Update information about element
Element.Update(Data);
End Sub UserProc;
After executing the example access permissions for the first element of the MDM dictionary are changed. All users have permission to view the element. The first additional user will have the permission to delete, the second additional user will have the permissions to edit. The Admin user will have full permissions.
To check the access permissions, it is necessary to cast the mask to binary mode and check, with whom the bits having the value 1 are associated. The bits having the value 0 correspond to security objects, which are forbidden to act, or the bits are not associated with any security objects. To cast the mask to binary mode, run the DecToBin procedure, which code is given in the Working with Access Mask example.
Sub CheckMask;
Var
MB: IMetabase;
MObj: IMetabaseObject;
DictInst: IRdsDictionaryInstance;
Elements: IRdsDictionaryElements;
Element: IRdsDictionaryElement;
SecLab: ISecurityLabels;
AccessMask: Integer;
BinMask: String;
c: Char;
i: Integer;
Begin
MB := MetabaseClass.Active;
// Get MDM dictionary
MObj := MB.ItemById("RDS_DICT").Bind;
// Open dictionary
DictInst := MObj.Open(Null) As IRdsDictionaryInstance;
Elements := DictInst.Elements;
// Get the first element, for which access permissions are determined
Element := Elements.Item(1);
// Get security label parameters
SecLab := MObj.SecurityDescriptor.LabelSecurity;
// Permissions to change data of the first element
AccessMask := Element.Access(RdsAccessAttribute.WriteAccess);
BinMask := DecToBin(AccessMask);
For i := BinMask.Length To 1 Step - 1 Do
// Get bit from character string and check its value
c := BinMask.Chars(i - 1);
// If value of the current bit is 1, then get the user matched with this bit
If c = '1' Then
// Bit numbering is executed from right to left. To get bit number, contract
// the current position from general length.
Debug.WriteLine(SecLab.Mapping(BinMask.Length - i).Name);
End If;
End For;
End Sub CheckMask;
On executing the example the console window displays names of the security objects, which have permissions to edit data of the first element of the MDM dictionary.
See also: