IMetabaseCustomObject.CheckAndAuditOperationLabel

Syntax

CheckAndAuditOperationLabel(OperationKey: Integer; Comment: String; State: MetabaseObjectAuditOperationState; Var Label: ISecurityDocumentLabel): Decimal;

Parameters

OperationKey. Key of the custom class operation which execution possibility has to be checked.

Comment. The comment that is entered in the access protocol.

State. Variant of operation auditing.

Label. Variable to which the parameters of the security label are placed.

Description

The CheckAndAuditOperationLabel method checks access permissions of the current user for the specified operation and writes check result to the protocol according to the selected audit option and calculates parameters of the security label that is used on exporting the repository objects.

Comments

Security label is calculated if the mandatory access to objects is active.

If the current user does not have rights even to one of the checked operations or the variant of auditing that bans execution of the operation (ForceDeny, ForceDenyAndAudit) was chosen, the exception condition will be generated. Depending on the present settings of scheme auditing and on chosen variant of auditing of the checked operation (State), a record with failed result can be added to access protocol.

The method returns unique key of the record which is written in the access protocol.

The method is used to check access permissions on custom class operations described by the IMetabaseCustomClassOperation interface. To check access permission for main and additional operations, use the IMetabaseObjectDescriptor.CheckAndAuditOperationLabel method.

Example

Executing the example requires that the repository contains a custom class object with the OBJ_CUSTOM identifier. The operation with the CLS1OP1 identifier should be created for the custom class.

Sub UserProc;
Var
    MB: IMetabase;
    CustObj: IMetabaseCustomObject;
    Operation: IMetabaseCustomClassOperation;
    Label: ISecurityDocumentLabel;
    Key: Decimal;
Begin
    MB := MetabaseClass.Active;
    CustObj := MB.ItemById("OBJ_CUSTOM").Bind As IMetabaseCustomObject;
    Operation := CustObj.CustomClass.Operations.FindById("CLS1OP1");
    Try
        Key := CustObj.CheckAndAuditOperationLabel(Operation.Key,
            "Access check for operation execution: " + Operation.Name,
            MetabaseObjectAuditOperationState.ForceAudit,
            Label);
    Except
        On E: Exception Do
        WinApplication.InformationBox(E.message);
    End Try;
    If Label.IsON Then
        Debug.WriteLine(Label.Label);
        Debug.WriteLine(Label.LabelDescription);
        Debug.WriteLine(Label.TreatSectionAsDocument);
        Debug.WriteLine(Label.User.Name);
    End If;
End Sub UserProc;

After executing the example, it will be checked whether current user has permissions to execute the specified operation of custom class. A record about the execution of operation is added to the access protocol. If the mandatory access control was activated in the repository and the access level, for which the marking of objects was activated when exporting and printing, was specified to the object, the Label variable contain parameters of the security label that is used for marking. These parameters are displayed in the development environment console.

See also:

IMetabaseCustomObject