IMetabaseObjectDescriptor.CheckAndAuditOperation

Syntax

CheckAndAuditOperation(Operation: Integer; Comment: String; State: MetabaseObjectAuditOperationState): Decimal;

Parameters

Operation. Mask of the checked/recorded operations, the availability of permissions, to which it is necessary to check for the current user. To create a mask value, it is necessary to use the MetabaseObjectPredefinedRights enumeration values. This enumeration contains basic and additional operations, on which permissions can be given and access audit can be executed. The specific operations are available for defined object classes. To use specific operations depending on the object class, one can use values of the following enumerations in a mask:

CalculatedCubeSpecificRights are specific operations available for calculated cubes.
CubeLoaderSpecificRights are specific operations available for loading data in a cube.
CubeSpecificRights are specific operations available for different types of cubes.
CustomObjectSpecificRights are specific operations available for objects of custom classes.
DataBaseSpecificRights are specific operations available for the Database repository object.
DictionarySpecificRights are specific operations available for the repository objects - MDM Dictionary and Composite MDM dictionary.
MDCalcSpecificRights are specific operations available for the Multidimensional Calculation on DB Server repository object.
ProblemSpecificRights are specific operations available for the Modeling Problem modeling container object.
ProcedureSpecificRights are specific operations available for the Procedure repository object.
TableSpecificRights are specific operations available for the following repository objects - Table, View, Log, External Table.
ValidationSpecificRights are specific operations available for the Validation Rule and Validation Group repository object.

Comment. The comment that is entered in the access protocol.

State. Variant of operation auditing.

Description

The CheckAndAuditOperation method checks the access permissions of the current user for the specified operations and traces the result in accordance with the chosen variant of the audit.

Comments

If the current user does not have permissions even to one of the checked operations or the variant of auditing that denies execution of the operation (ForceDeny, ForceDenyAndAudit) was chosen, the exception is thrown. Depending on the present settings of schema auditing and on chosen variant of auditing of the checked operation (State), a record with failed result can be added to access protocol.

The method returns unique key of the record, which is written to the access protocol.

If it is necessary to check access permissions for custom class operation, use the IMetabaseCustomObject.CheckAndAuditOperation method.

Example

Executing the example requires a form with the Button1 button. The repository contains a regular report with the Report_11 identifier.

Add links to the Metabase, Ui system assemblies.

Sub Button1OnClick(Sender: Object; Args: IMouseEventArgs);
Var
    MB: IMetabase;
    MObj: IMetabaseObjectDescriptor;
Begin
    MB := MetabaseClass.Active;
    MObj := MB.ItemById("Report_11");
    Try
        MObj.CheckAndAuditOperation(MetabaseObjectPredefinedRights.Write Or
        MetabaseObjectPredefinedRights.Print,
        "Check user permissions" ,
        MetabaseObjectAuditOperationState.ForceDeny);
    Except
    On E: Exception Do
    WinApplication.InformationBox(E.message);
    End Try;
End Sub Button1OnClick;

After executing the example the exception is thrown (the user does not have enough permissions to execute operation). A record with failed result is added to the access protocol, if the auditing for the type of checked object was enabled in the settings of schema auditing.