IMetabaseSecurity.MetabaseClassesSecurityDescriptors

Syntax

MetabaseClassesSecurityDescriptors: IMetabaseClassesSecurityDescriptors;

Description

The MetabaseClassesSecurityDescriptors property returns security parameters of object type.

Comments

The property is relevant on setting up discretionary access control in access control settings for object type. Effective Permissions for object are calculated taking into account discretionary permissions configured for object type.

Example

To execute the example make sure that security manager contains the USER user and the administrator is allowed to execute all operations with the Table object type on setting up parameters of access control on the Discretionary Access Control tab.

Add a link to the Metabase system assembly.

Sub UserProc;
Var
    MB: IMetabase;
    SecDescrs: IMetabaseClassesSecurityDescriptors;
    ClassSecDescr: IMetabaseClassSecurityDescriptor;
    MS: IMetabaseSecurity;
    SecDescr: ISecurityDescriptor;
    Lic: Object;
    Type: AceType;
    Sid: ISid;
Begin
    MB := MetabaseClass.Active;
    
// Check out license to work with security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
    MS := MB.Security;
    
// Get security parameters of the Table object type
    SecDescrs := MS.MetabaseClassesSecurityDescriptors;
    ClassSecDescr := SecDescrs.Add(MetabaseObjectClass.KE_CLASS_TABLE);
    SecDescr := ClassSecDescr.Descriptor;
    SecDescr.Edit;
    
// Deny any operations with tables to the USER user
    Type := AceType.AccessDenied;
    Sid := MB.Security.ResolveName(
"USER").Sid;
    SecDescr.Acl.AddAce(Type, Sid, MetabaseObjectPredefinedRights.All);
    SecDescr.Apply(
False);
    
// Save changes
    MS.Apply;
    
// Check in license
    Lic := Null;
End Sub UserProc;

After executing the example the USER user will be forbidden to execute any operations with tables.

See also:

IMetabaseSecurity