CheckAndAuditLabel(Operation: Integer; Comment: String; Var Label: ISecurityDocumentLabel);
Operation.Mask that determines operations, the availability of rights to which it is necessary to check for the current user. To create a mask value, it is necessary to use the MetabaseObjectPredefinedRights enumeration values. This enumeration contains basic and additional operations on which permissions can be given and access audit can be led. The specific operations are available for defined classes of objects. To use specific operations depending on the object class in a mask there is a possibility to use values of the following enumerations:
CalculatedCubeSpecificRights are specific operations available for calculated cubes
CubeLoaderSpecificRights are specific operations available for loading data in a cube
CubeSpecificRights are specific operations available for different types of cubes.
CustomObjectSpecificRights are specific operations available for objects of custom classes
DataBaseSpecificRights are specific operations available for repository object - Database
DictionarySpecificRights are specific operations available for repository objects - MDM Dictionary and Composite MDM dictionary
MDCalcSpecificRights are specific operations available for repository object - Multidimensional calculation on DB server
ProblemSpecificRights are specific operations available for an object of modeling container - Modeling task
ProcedureSpecificRights are specific operations available for repository object - Procedure
ScenarioDimensionSpecificRights are specific operations available for the repository object - Modeling Scenario
TableSpecificRights are specific operations available for the following repository objects - Table, View, Log, External table
ValidationSpecificRights are specific operations available for repository object - Validation rule and Validation group.
Comment. The comment that is entered in the access protocol
Label. The variable, to which the parameters of security label will be placed.
The CheckAndAuditLabel method checks the access permissions of the current user for the specified operations and writes the record into the access protocol with the specified comment and also calculates parameters of the security label that is used when printing and exporting the repository objects.
Security label is calculated if the mandatory access to objects is active.
If the current user does not have rights even to one of checked operations, the record with failed result will be entered in the access protocol and the exceptional condition will be generated.
Executing the example requires that the repository contains an object with the Obj_1 identifier.
Add a link to the Metabase system assembly.
Sub UserProc;
Var
MB: IMetabase;
MObj: IMetabaseObjectDescriptor;
SecLabel: ISecurityDocumentLabel;
Begin
MB := MetabaseClass.Active;
MObj := MB.ItemById("Obj_1");
MObj.CheckAndAuditLabel(
MetabaseObjectPredefinedRights.Delete Or
MetabaseObjectPredefinedRights.Access,
"Check whether current user has permissions for the Removal and Change Permissions operations" ,
SecLabel);
If SecLabel.IsON Then
Debug.WriteLine(SecLabel.Label);
Debug.WriteLine(SecLabel.LabelDescription);
Debug.WriteLine(SecLabel.TreatSectionAsDocument);
Debug.WriteLine(SecLabel.User.Name);
End If;
End Sub UserProc;
After executing the example the availability of the rights of the current user to remove and change access permissions of the Obj_1 object is checked. The appropriate record is added to the access protocol. If the mandatory access control was activated in the repository and the level, for which the marking of objects is provided when exporting and printing, was specified to the object, the Lab variable would contain parameters of the security label that is used for marking. These parameters are displayed in the development environment console.
See also: