CurrentDomainSubjectAddState(Type: SecuritySubjectType): DomainSubjectAddState;
Type. Type of the security subjects, which adding parameters should be determined.
The CurrentDomainSubjectAddState property determines settings of adding domain security subjects.
The settings made in the CurrentDomainSubjectAddState property will be applied for all added users. This property is identical to the IMetabase.CurrentDomainSubjectAddState property.
Executing the example requires the GROUP1 domain where there are users containing TEST* in their names. The corresponding users are also created on the DB server and have specific grants on the current repository objects.
Add a link to the Metabase system assembly.
Sub UserProc;
Var
MB: IMetabase;
MBSec: IMetabaseSecurity;
SubSearch: ISecuritySubjectsSearch;
Subjects: ISecuritySubjects;
Subject: ISecuritySubject;
Lic: Object;
Begin
MB := MetabaseClass.Active;
// Check out license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
MBSec := MB.Security;
// Get object to find users
SubSearch := MBSec.NewSubjectsSearch;
SubSearch.NameCriteria := "GROUP1\TEST*";
// Set search only of domain users
SubSearch.AreaIncludeDB := False;
SubSearch.AreaIncludeNT := True;
SubSearch.SubjectCriteria(SecuritySubjectType.User) := True;
SubSearch.ExecuteSearch;
// Get users
Subjects := SubSearch.Subjects;
If Subjects.Count > 0 Then
// Set parameters for adding domain users
MBSec.CurrentDomainSubjectAddState(SecuritySubjectType.User) :=
DomainSubjectAddState.MakeExternalOn
Or DomainSubjectAddState.ManageDBGrantsOff
Or DomainSubjectAddState.Keep;
// Add all found users
For Each Subject In Subjects Do
MBSec.AddNTSubject(Subject);
End For;
// Save changes
MBSec.Apply;
// Check in license
Lic := Null;
End If;
End Sub UserProc;
After executing the example, all domain users whose names meet the GROUP1\TEST* mask are searched. The found users are added to a repository users list. An indicator of users connected from the server is set for the users. When granting privileges and permissions for repository objects, the corresponding grants in the repository database are not given.
See also: