IMetabaseObjectDescriptor.CheckAndAuditLabel

Syntax

CheckAndAuditLabel(Operation: Integer; Comment: String; Var Label: ISecurityDocumentLabel);

Parameters

Operation.Mask that determines operations, the availability of rights to which it is necessary to check for the current user. To create a mask value, it is necessary to use the MetabaseObjectPredefinedRights enumeration values. This enumeration contains basic and additional operations on which permissions can be given and access audit can be led. The specific operations are available for defined classes of objects. To use specific operations depending on the object class in a mask there is a possibility to use values of the following enumerations:

Comment. The comment that is entered in the access protocol

Label. The variable, to which the parameters of security label will be placed.

Description

The CheckAndAuditLabel method checks the access permissions of the current user for the specified operations and writes the record into the access protocol with the specified comment and also calculates parameters of the security label that is used when printing and exporting the repository objects.

Comments

Security label is calculated if the mandatory access to objects is active.

If the current user does not have rights even to one of checked operations, the record with failed result will be entered in the access protocol and the exceptional condition will be generated.

Example

Executing the example requires that the repository contains an object with the Obj_1 identifier.

Add a link to the Metabase system assembly.

Sub UserProc;
Var
    MB: IMetabase;
    MObj: IMetabaseObjectDescriptor;
    SecLabel: ISecurityDocumentLabel;
Begin
    MB := MetabaseClass.Active;
    MObj := MB.ItemById("Obj_1");
    MObj.CheckAndAuditLabel(
        MetabaseObjectPredefinedRights.Delete Or
        MetabaseObjectPredefinedRights.Access,
        "Check whether current user has permissions for the Removal and Change Permissions operations" ,
        SecLabel);
    If SecLabel.IsON Then
    Debug.WriteLine(SecLabel.Label);
    Debug.WriteLine(SecLabel.LabelDescription);
    Debug.WriteLine(SecLabel.TreatSectionAsDocument);
    Debug.WriteLine(SecLabel.User.Name);
End If;
End Sub UserProc;

After executing the example the availability of the rights of the current user to remove and change access permissions of the Obj_1 object is checked. The appropriate record is added to the access protocol. If the mandatory access control was activated in the repository and the level, for which the marking of objects is provided when exporting and printing, was specified to the object, the Lab variable would contain parameters of the security label that is used for marking. These parameters are displayed in the development environment console.

See also:

IMetabaseObjectDescriptor