IMetabasePolicy.RestrictUserDeletion

Syntax

RestrictUserDeletion: Boolean;

Description

The RestrictUserDeletion property determines whether the application administrator is prohibited from deleting users who have any access permissions on repository objects.

Comments

The property is relevant when roles are separated between the information security administrator (ISA) and the application administrator (AA).

The property is set to False by default. If the value is True, the application administrator cannot delete a user who has any permissions on repository objects. On an attempt to delete such a user, a corresponding message is displayed. Deleting such a user requires removing all of the user's access permissions.

To change the property value, the user who executes the setup should have the Changing Security Label and Access Control List of Any Object privilege.

Example

To execute the example, activate the roles separation mode between ISA and AA in the security manager.

Add a link to the Metabase system assembly.

Sub UserProc;
Var 
    MB: IMetabase;
    MS: IMetabaseSecurity;
    Policy: IMetabasePolicy;
    Lic: Object;
Begin
    MB := MetabaseClass.Active;

    // Check out license to work with security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
    MS := MB.Security;
    Policy := MS.Policy;

    // Prohibit the application administrator from deleting users
    // who have access permissions on repository objects
    Policy.RestrictUserDeletion := True;

    // Save changes
    MS.Apply;

    // Check in license
    Lic := Null;
End Sub UserProc;

After executing the example, if the AA tries to delete a user who has any access permissions on repository objects, a corresponding message is displayed.

See also:

IMetabasePolicy