GetEffectiveRights(Subject: ISecuritySubject): Integer;
Subject. Security subject, for which effective access permissions should be calculated.
The GetEffectiveRights method calculates the effective access permissions of the specified security subject to the repository object.
On calculating effective permissions the selected access control methods are taken into account. If the discretionary access control is used, permissions by classes are calculated additionally for the specific object type.
The effective permissions include all operations, for which the explicit permission was set for the user. The value returned by this method is an access mask. Mask value is a 4-byte binary number converted to decimal form. It is necessary to use a value of the MetabaseObjectPredefinedRights enumeration to check a value of the mask. This enumeration contains main and additional operations, to which it is possible to give permissions. The specific operations are available for defined object classes. Values of the following enumerations can be used to check specific operations depending on the object class:
CalculatedCubeSpecificRights - specific operations available for calculated cubes.
CubeLoaderSpecificRights - specific operations available for cube data loader.
CubeSpecificRights - specific operations available for various types of cubes.
CustomObjectSpecificRights - specific operations available for custom class objects.
DataBaseSpecificRights - specific operations available for the Database repository object.
DictionarySpecificRights - specific operations available for the MDM Dictionary and Composite MDM Dictionary repository objects.
MDCalcSpecificRights - specific operations available for the Multidimensional Calculation on DB Server repository object.
ProblemSpecificRights - specific operations available for the Modeling Problem modeling container object.
ProcedureSpecificRights - specific operations available for the Procedure repository object.
ScenarioDimensionSpecificRights - specific operations available for the Modeling Scenario repository object.
TableSpecificRights - specific operations available for the following repository objects: Table, View, Log, External Table.
ValidationSpecificRights - specific operations available for the Validation Rule and Validation Group repository object.
Basic, additional and specific operations available for specified objects types are shown in theTypes of Events section.
To analyze a mask value, implement a custom function that enables the user to compare separate mask bits with relevant enumerations values. The example of work with access mask is given in the Working with Access Mask section.
Executing the example requires that the repository contains an object with the Obj_1 identifier. There is the TestUser user among the security subjects that were created in the security manager of the current repository.
Sub UserProc;
Var
MB: IMetabase;
MDesc: IMetabaseObjectDescriptor;
SecDesc: ISecurityDescriptor;
Subj: ISecuritySubject;
i: Integer;
Begin
MB := MetabaseClass.Active;
Subj := MB.Security.ResolveName("TestUser");
MDesc := MB.ItemById("Obj_1");
SecDesc := MDesc.SecurityDescriptor;
i := SecDesc.GetEffectiveRights(Subj);
End Sub UserProc;
After executing the example the "i" variable contains a value that corresponds to the effective permissions given to the specified user to the Obj_1 object.
See also: