IMetabaseClassesSecurityDescriptors.CreateDescriptor

Syntax

CreateDescriptor(ClassId: MetabaseObjectClass): IMetabaseClassSecurityDescriptor;

Parameters

ClassId. Object type.

Description

The CreateDescriptor method creates security descriptor for object type without adding to collection.

Comments

To add created security descriptor with specified access permissions to collection, use the IMetabaseClassesSecurityDescriptors.AddDescriptor method.

Example

To execute the example, make sure that security manager contains the ADMIN administrator.

Add a link to the Metabase system assembly.

Sub UserProc;
Var
    MB: IMetabase;
    SecDescrs: IMetabaseClassesSecurityDescriptors;
    ClassSecDescr: IMetabaseClassSecurityDescriptor;
    MS: IMetabaseSecurity;
    SecDescr: ISecurityDescriptor;
    Lic: Object;
    Type: AceType;
    Sid: ISid;
Begin
    MB := MetabaseClass.Active;
    // Get license to work with security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
    MS := MB.Security;
    // Create security descriptor for the Workbook object type
    SecDescrs := MS.MetabaseClassesSecurityDescriptors;
    ClassSecDescr := SecDescrs.CreateDescriptor(MetabaseObjectClass.KE_CLASS_WORKBOOK);
    SecDescr := ClassSecDescr.Descriptor;
    SecDescr.Edit;
    // Enable administrator executing any operations with workbooks
    Type := AceType.AccessAllowed;
    Sid := MB.Security.ResolveName("ADMIN").Sid;
    SecDescr.Acl.AddAce(Type, Sid, MetabaseObjectPredefinedRights.All);
    // Add a created descriptor to the Workbook object type
    SecDescrs.AddDescriptor(ClassSecDescr);
    SecDescr.Apply(False);
    // Save changes
    MS.Apply;
    // Check in license
    Lic := Null;
End Sub UserProc;

After executing the example, administrator will be allowed to execute any operations with workbooks.

See also:

IMetabaseClassesSecurityDescriptors