To report a found bug,
please, select the text with the bug and click Report a Bug or
CTRL+ENTER.
Help
system 10.4 of 09/07/2024,
©
FORESIGHT
PromoteToIsaMode(Isa: IMetabaseUser; [Options: IsaModePromoteOptions = 0]);
Isa. The user who will be the information security administrator (ISA).
Options. It determines parameters of activation of roles separation between the ISA and the application administrator (AA).
The PromoteToIsaMode method activates a mode of roles separation between the information security administrator and the application administrator.
As a value of the Isa parameter, it is required to send the user with the *_ISA account (where * - schema name).
By default, after activation the ISA does not have permissions to update users.
To execute the example make sure that the security manager contains a user with the *_ISA user account (where * - schema name). The roles separation mode between administrators is not used.
Add a link to the Metabase system assembly.
Sub UserProc;
Var
MB: IMetabase;
MS: IMetabaseSecurity;
Isa: IMetabaseUser;
Policy: IMetabasePolicy;
Lic: Object;
Begin
MB := MetabaseClass.Active;
// Check out license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
MS := MB.Security;
// Activate roles separation mode
Isa := MS.ResolveName(MB.Id + "_ISA") As IMetabaseUser;
Policy := MS.Policy;
Policy.PromoteToIsaMode(Isa, IsaModePromoteOptions.RestrictAdminAccess Or IsaModePromoteOptions.RestrictIsaAccess);
// Save changes
MS.Apply;
// Check in license
Lic := Null;
End Sub UserProc;
After executing the example a roles separation mode between the ISA and the AA is activated. Users who have privileges as the ISA and the AA cannot open repository objects, the message is displayed that there are not enough permissions to execute the operation.
See also:
IMetabasePolicy | Distribute administrators roles