ManageDBGrants: Boolean;
The ManageDBGrants property determines whether the current user will be given the permissions on DBMS level.
This property can be changed only when a new user is created in the repository.
If the property is set to True, the appropriate grants will be given to the user on the DBMS server after creation of the user in the repository and change of his privileges or granting permissions to repository objects.
If the property is set to False, the appropriate grants will not be given to the user on the DBMS server after creation of the user in the repository and change of his privileges or granting rights to repository objects. This option is relevant if the created user is connected from the server and already has some grants to platform objects.
Executing the example requires the GROUP domain with the TESTER user. The user is created on DB server and is granted permissions for objects of the current repository.
Add a link to the Metabase system assembly.
Sub UserProc;
Var
MB: IMetabase;
MBSec: IMetabaseSecurity;
SubSearch: ISecuritySubjectsSearch;
Subjects: ISecuritySubjects;
Subject: ISecuritySubject;
Lic: Object;
Begin
MB := MetabaseClass.Active;
// Check out license to work with security manager
Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
MBSec := MB.Security;
// Set parameters for adding domain users
MB.CurrentDomainSubjectAddState(SecuritySubjectType.User) :=
DomainSubjectAddState.MakeExternalOff
Or DomainSubjectAddState.ManageDBGrantsOn
Or DomainSubjectAddState.Keep;
// Set object to search for domain users
SubSearch := MBSec.NewSubjectsSearch;
SubSearch.NameCriteria := "GROUP\TESTER";
SubSearch.AreaIncludeDB := False;
SubSearch.AreaIncludeNT := True;
SubSearch.SubjectCriteria(SecuritySubjectType.User) := True;
SubSearch.ExecuteSearch;
// Change parameters of found user
Subjects := SubSearch.Subjects;
Debug.WriteLine(Subjects.Count);
If Subjects.Count > 0 Then
Subject := Subjects.Item(0);
Subject := MBSec.AddNTSubject(Subject);
// Change parameters of added domain user
// These parameters do not correspond with the parameters that
// were set in the CurrentDomainSubjectAddState property
(Subject As IMetabaseUser).External := True;
(Subject As IMetabaseUser).ManageDBGrants := False;
// Save changes
MBSec.Apply;
// Check in license
Lic := Null;
End If;
End Sub UserProc;
After executing the example, the GROUP\TESTER domain user is searched for. If the user name is found, it is added to the repository users list. On adding the user name the user is assigned the attribute of the one connected from server. When granting privileges and objects access permissions the corresponding permissions are not granted to the user in the repository database.
See also: