CheckAndAuditOperation(Operation: Integer; Comment: String; State: MetabaseObjectAuditOperationState): Decimal;
Operation. Mask of the checked/recorded operations, the availability of rights to which it is necessary to check for the current user. To create a mask value, it is necessary to use the MetabaseObjectPredefinedRights enumeration values. This enumeration contains basic and additional operations on which permissions can be given and access audit can be led. The specific operations are available for defined classes of objects. To use specific operations depending on the object class in a mask there is a possibility to use values of the following enumerations:
CalculatedCubeSpecificRights are specific operations available for calculated cubes
CubeLoaderSpecificRights are specific operations available for loading data in a cube
CubeSpecificRights are specific operations available for different types of cubes
CustomObjectSpecificRights are specific operations available for objects of custom classes
DataBaseSpecificRights are specific operations available for repository object - Database
DictionarySpecificRights are specific operations available for repository objects - MDM Dictionary and Composite MDM dictionary
MDCalcSpecificRights are specific operations available for repository object - Multidimensional calculation on DB server
ProblemSpecificRights are specific operations available for an object of modeling container - Modeling task
ProcedureSpecificRights are specific operations available for repository object - Procedure
TableSpecificRights are specific operations available for the following repository objects - Table, View, Log, External table
ValidationSpecificRights are specific operations available for repository object - Validation rule and Validation group.
Comment. The comment that is entered in the access protocol
State. Variant of operation auditing.
The CheckAndAuditOperation method checks the access permissions of the current user for the specified operations and traces the result in accordance with the chosen variant of the audit.
If the current user does not have rights even to one of the checked operations or the variant of auditing that bans execution of the operation (ForceDeny, ForceDenyAndAudit) was chosen, the exception condition will be generated. Depending on the present settings of scheme auditing and on chosen variant of auditing of the checked operation (State), a record with failed result can be added to access protocol.
The method returns unique key of the record which is written in the access protocol.
If it is necessary to check access permissions for custom class operation, use the IMetabaseCustomObject.CheckAndAuditOperation method.
Executing the example requires a form with the Button1 button. There is a regular report with the Report_11 identifier in the repository.
Add links to the Metabase, Ui system assemblies.
Sub Button1OnClick(Sender: Object; Args: IMouseEventArgs);
Var
MB: IMetabase;
MObj: IMetabaseObjectDescriptor;
Begin
MB := MetabaseClass.Active;
MObj := MB.ItemById("Report_11");
Try
MObj.CheckAndAuditOperation(MetabaseObjectPredefinedRights.Write Or
MetabaseObjectPredefinedRights.Print,
"Check user permissions" ,
MetabaseObjectAuditOperationState.ForceDeny);
Except
On E: Exception Do
WinApplication.InformationBox(E.message);
End Try;
End Sub Button1OnClick;
After executing the example the exception condition is generated (the user does not have enough rights to perform operation). A record with failed result is added to the access protocol, if the auditing for the type of checked object was activated in the settings of scheme auditing.
See also: