ISecurityDescriptor.HasAccessAudit

Syntax

HasAccessAudit(Subject: ISecuritySubject; DesiredAccess: Integer; Var Access: Boolean; Var Audit: Boolean);

Parameters

Subject. Security subject, which is checked for presence of permissions for particular operations with the object.

DesiredAccess. Mask that determines operations, permissions for which must be checked for the Subject security subject. It is necessary to use values of the MetabaseObjectPredefinedRights enumeration type to form mask value. This enumeration contains basic and additional operations, on which permissions can be given and access auditing can be executed. The specific operations are available for defined object classes. To use specific operations depending on the object class in a mask there is a possibility to use values of the following enumerations:

Access. The variable that determines whether there are permissions to execute the specified operations with the object. The variable is set to True if the security subject has permissions to execute all the specified operations with the object.

Audit. The variable that determines whether the specified operations for the Subject security subject are audited. The variable is set to True if the specified security subject is audited at least by one of the specified operations.

Description

The HasAccessAudit method checks and returns whether the user has permissions to execute the specified operations and whether the specified operations with object are audited.

Example

Executing the example requires that the repository contains an object with the Obj_1 identifier. There is the TestUser user among the security subjects that were created in the security manager of the current repository.

Sub UserProc;
Var
    MB: IMetabase;
    MDesc: IMetabaseObjectDescriptor;
    SecDesc: ISecurityDescriptor;
    Subj: ISecuritySubject;
    b, b1: Boolean;
Begin
    MB := MetabaseClass.Active;
    Subj := MB.Security.ResolveName("TestUser");
    MDesc := MB.ItemById("Obj_1");
    SecDesc := MDesc.SecurityDescriptor;
    SecDesc.HasAccessAudit(Subj,
        MetabaseObjectPredefinedRights.Access +
        MetabaseObjectPredefinedRights.Delete, b, b1);
End Sub UserProc;

After executing the example the "b" variables determine whether the user has permissions to change permissions and remove the object, and the "b1" variable determines whether one of these operations is audited. The check is made for the Obj_1 repository object relative to the TestUser user.

See also:

ISecurityDescriptor