ISecurityDescriptor.GetEffectiveRights

Syntax

GetEffectiveRights(Subject: ISecuritySubject): Integer;

Parameters

Subject. Security subject, for which effective access permissions should be calculated.

Description

The GetEffectiveRights method calculates the effective access permissions of the specified security subject to the repository object.

Comments

On calculating effective permissions the selected access control methods are taken into account. If the discretionary access control is used, permissions by classes are calculated additionally for the specific object type.

The effective permissions include all operations, for which the explicit permission was set for the user. The value returned by this method is an access mask. Mask value is a 4-byte binary number converted to decimal form. It is necessary to use a value of the MetabaseObjectPredefinedRights enumeration to check a value of the mask. This enumeration contains main and additional operations, to which it is possible to give permissions. The specific operations are available for defined object classes. Values of the following enumerations can be used to check specific operations depending on the object class:

Basic, additional and specific operations available for specified objects types are shown in theTypes of Events section.

To analyze a mask value, implement a custom function that enables the user to compare separate mask bits with relevant enumerations values. The example of work with access mask is given in the Working with Access Mask section.

Example

Executing the example requires that the repository contains an object with the Obj_1 identifier. There is the TestUser user among the security subjects that were created in the security manager of the current repository.

Sub UserProc;
Var
    MB: IMetabase;
    MDesc: IMetabaseObjectDescriptor;
    SecDesc: ISecurityDescriptor;
    Subj: ISecuritySubject;
    i: Integer;
Begin
    MB := MetabaseClass.Active;
    Subj := MB.Security.ResolveName("TestUser");
    MDesc := MB.ItemById("Obj_1");
    SecDesc := MDesc.SecurityDescriptor;
    i := SecDesc.GetEffectiveRights(Subj);
End Sub UserProc;

After executing the example the "i" variable contains a value that corresponds to the effective permissions given to the specified user to the Obj_1 object.

See also:

ISecurityDescriptor