Working with Security Manager

The IMetabaseSecurity interface is used to work with the security manager. The security manager can be accessed using the IMetabase.Security property.

Var
    Mb: IMetabase;
    MbSec: IMetabaseSecurity;
Begin
    Mb := MetabaseClass.Active;
    // Security manager
    MbSec := Mb.Security;
    // ...
    // Further work with security manager
    // ...

To make changes to security manager settings, get the Administration license in the code using the IMetabase.RequestLicense method. After the required changes are made and security manager settings are saved, the license must be checked in. To do this, set corresponding variable to empty value:

Var
    Mb: IMetabase;
    MbSec: IMetabaseSecurity;
    Lic: Object;
Begin
    Mb := MetabaseClass.Active;
    // Get license to be able to work with the security manager
    Lic := MB.RequestLicense(UiLicenseFeatureType.Adm);
    // Security manager
    MbSec := Mb.Security;
    // ...
    // Make changes to security manager settings
    // ...
    // Apply changes
    MbSec.Apply;
    // Check in license
    Lic := Null;

When working with security subjects or when changing access permissions, one requires credentials of the user who has user administration permissions on DBMS server. When working in the web application of desktop application, to enter such credentials, one should open the Database Authorization dialog box. The entered credentials are cached and used in the current repository connection session.

When working in Fore, use the ILogonSession.Credentials property to specify credentials. If the current repository user has administration permissions on DBMS server, one can specify value of the ILogonSession.LogonCredentials property as a value for ILogonSession.Credentials:

Var
    Mb: IMetabase;
    Session: ILogonSession;
    Package: ISecurityPackage;
    PswCreds: IPasswordCredentials;
Begin
    Mb := MetabaseClass.Active;
    // Security manager
    Session := Mb.LogonSession;
    // If the current user has administration permissions on DBMS level, specify its credentials:
    Session.Credentials("$SYSTEM"True) := Session.LogonCredentials;
    // Or create new credentials:
    Package := New StandardSecurityPackage.Create;
    PswCreds := Package.CreateCredentials(AuthenticationMode.Password) As IPasswordCredentials;
    PswCreds.UserName := "Admin";
    PswCreds.Password := "Password";
    Session.Credentials("$SYSTEM"True) := PswCreds;
    //...
    // Further work with security manager
    //...

For details about various aspects of security manager work see the following subsections:

See also:

General Principles of Programming Using the Metabase Assembly