GetDeniedAccess(Subject: ISecuritySubject; DesiredAccess: Integer): Integer;
Subject. Security subject, which is checked for presence of denies.
DesiredAccess. Required access mask, relative to which the set denies are calculated.
The GetDeniedAccess method checks if the specified security subject has active denies to execute operations with the current object.
The method calculates denies for the required access mask. The mask value in the DesiredAccess parameter is a 4-byte binary number converted to decimal form. It is necessary to use values of the MetabaseObjectPredefinedRights enumeration type to form mask value. This enumeration contains basic and additional operations, on which permissions can be granted and access auditing can be executed. The specific operations are available for specific object classes. To use specific operations depending on the object class in a mask, one can use values of the following enumerations:
CalculatedCubeSpecificRights - specific operations available for calculated cubes.
CubeLoaderSpecificRights - specific operations available for cube data loader.
CubeSpecificRights - specific operations available for different types of cubes.
CustomObjectSpecificRights - specific operations available for custom class objects.
DataBaseSpecificRights - specific operations available for the Database repository object.
DictionarySpecificRights - specific operations available for the MDM Dictionary and Composite MDM dictionary repository objects.
MDCalcSpecificRights - specific operations available for the Multidimensional Calculation on Database Server repository object.
ProblemSpecificRights - specific operations available for the Modeling Problem modeling container object.
ProcedureSpecificRights - specific operations available for the Procedure repository object.
ScenarioDimensionSpecificRights - specific operations available for the Modeling Scenario repository object.
TableSpecificRights - specific operations available for the following repository objects: Table, View, Log, External Table.
ValidationSpecificRights - specific operations available for the Validation Rule and Validation Group repository object.
The method results in the denies mask that is also formed from elements of the above mentioned enumerations.
Executing the example requires that the repository contains a cube with the STD_CUBE identifier.
Add links to the Metabase system assembly.
Sub UserProc;
Var
Mb: IMetabase;
Subject: ISecuritySubject;
SDesc: ISecurityDescriptor;
Begin
Mb := MetabaseClass.Active;
Subject := Mb.LogonSession.User;
SDesc := Mb.ItemById("STD_CUBE").SecurityDescriptor;
Debug.WriteLine(SDesc.GetDeniedAccess(Subject, MetabaseObjectPredefinedRights.All));
End Sub UserProc;
After executing the example the denies for the cube are calculated for the current user. Denies are calculated relative to the maximum allowed access.
See also: