IMetabaseObjectDescriptor.CheckAndAuditOperationLabel

Syntax

CheckAndAuditOperationLabel(Operation: Integer; Comment: String; State: MetabaseObjectAuditOperationState; Var Label: ISecurityDocumentLabel): Decimal;

Parameters

Operation. Mask of the checked/recorded operations, the availability of rights to which it is necessary to check for the current user. To create a mask value, it is necessary to use the MetabaseObjectPredefinedRights enumeration values. This enumeration contains basic and additional operations on which permissions can be given and access audit can be led. The specific operations are available for defined classes of objects. To use specific operations depending on the object class in a mask there is a possibility to use values of the following enumerations:

Comment. The comment that is entered in the access protocol.

State. Variant of operation auditing.

Label. The variable, to which the parameters of security label will be placed.

Description

The CheckAndAuditOperationLabel method checks access permissions of the current user to execute the specified operations and writes a protocol of check result according to selected audit option and calculates parameters of security label used on printing and exporting repository objects.

Comments

Security label is calculated if the mandatory access to objects is active.

If the current user does not have rights even to one of the checked operations or the variant of auditing that bans execution of the operation (ForceDeny, ForceDenyAndAudit) was chosen, the exception condition will be generated. Depending on the present settings of scheme auditing and on chosen variant of auditing of the checked operation (State), a record with failed result can be added to access protocol.

The method returns unique key of the record which is written in the access protocol.

If it is necessary to check access permissions for custom class operation, use the IMetabaseCustomObject.CheckAndAuditOperationLabel method.

Example

Executing the example requires a form with the Button1 button. There is a regular report with the Report_11 identifier in the repository.

Add links to the Metabase, Ui system assemblies.

Sub Button1OnClick(Sender: Object; Args: IMouseEventArgs);
Var
    mb: IMetabase;
    MObj: IMetabaseObjectDescriptor;
    Label: ISecurityDocumentLabel;
Begin
    mb := MetabaseClass.Active;
    MObj := mb.ItemById(
"Report_11");
    
Try
        MObj.CheckAndAuditOperationLabel(MetabaseObjectPredefinedRights.Write 
Or
        MetabaseObjectPredefinedRights.Print,
        
"Check user permissions" ,
        MetabaseObjectAuditOperationState.ForceAudit,
        Label);
        
Except
        
On E: Exception Do
        WinApplication.InformationBox(E.message);
    
End Try;
    
If Label.IsON Then
        Debug.WriteLine(Label.Label);
        Debug.WriteLine(Label.LabelDescription);
        Debug.WriteLine(Label.TreatSectionAsDocument);
        Debug.WriteLine(Label.User.Name);
    
End If;
End Sub Button1OnClick;

After executing the example the availability of the rights of the current user to change and print the Report_11 object is checked. A record about the execution of operation is added to the access protocol. If the mandatory access control was activated in the repository and the access level, for which the marking of objects was activated when exporting and printing, was specified to the object, the Label variable contain parameters of the security label that is used for marking. These parameters are displayed in the development environment console.

See also:

IMetabaseObjectDescriptor