SOAP request:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><SetMbSec xmlns="http://www.prognoz.ru/PP.SOM.Som"><tMbSec xmlns=" "> <id>S1!M</id>
</tMbSec>
<tArg xmlns=" "><pattern> <objects>true</objects>
</pattern>
<meta><objects><ods><its><d isShortcut="false" isLink="false" hf="false"> <i>OBJ2</i>
<n>obj2</n>
<k>535</k>
<c>1537</c>
<p>533</p>
<h>false</h>
<sdKey>544</sdKey>
<hasPrv>false</hasPrv>
<ic>false</ic>
</d>
</its>
</ods>
<sds><its><it> <k>544</k>
<isInherited>false</isInherited>
<isSealed>false</isSealed>
<discrete><aces><it><subject> <k>2147483649</k>
<id>ADMINISTRATORS</id>
<n>ADMINISTRATORS</n>
<vis>true</vis>
<type>Group</type>
<sid> <sid>PS-2-1</sid>
<type>Group</type>
</sid>
</subject>
<allow>1</allow>
</it>
<it><subject> <k>2147483649</k>
<id>ADMIN</id>
<vis>true</vis>
<type>User</type>
<sid> <sid>PS-1-1</sid>
<type>User</type>
</sid>
</subject>
<allow>1</allow>
</it>
<it><subject> <k>545</k>
<id>NEWADMIN</id>
<n>NewAdmin</n>
<vis>true</vis>
<type>User</type>
<sid> <sid>PS-1-545</sid>
<type>User</type>
</sid>
</subject>
<allow>98312</allow>
<deny>16</deny>
<audit>98312</audit>
</it>
</aces>
</discrete>
<mandatory><accessToken> <its />
</accessToken>
</mandatory>
<applyFlags>0</applyFlags>
</it>
</its>
</sds>
</objects>
</meta>
<metaGet><pattern> <objects>true</objects>
<objectsFilter><keys> <i>535</i>
</keys>
</objectsFilter>
</pattern>
</metaGet>
</tArg>
</SetMbSec>
</s:Body>
</s:Envelope>
SOAP response:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body><SetMbSecResult xmlns="http://www.prognoz.ru/PP.SOM.Som" xmlns:q1="http://www.prognoz.ru/PP.SOM.Som" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><id xmlns=" "> <id>S1!M</id>
</id>
<metaGet xmlns=" "><id> <id>S1!M</id>
</id>
<meta><objects><ods><its><d isShortcut="0" isLink="0" hf="0"> <i>OBJ2</i>
<n>obj2</n>
<k>535</k>
<c>1537</c>
<p>533</p>
<h>0</h>
<sdKey>546</sdKey>
<hasPrv>0</hasPrv>
<ic>0</ic>
</d>
</its>
</ods>
<sds><its><it> <k>546</k>
<isInherited>0</isInherited>
<isSealed>0</isSealed>
<discrete><aces><it><subject> <k>2147483649</k>
<id>ADMINISTRATORS</id>
<n>ADMINISTRATORS</n>
<vis>1</vis>
<type>Group</type>
<sid> <sid>PS-2-1</sid>
<type>Group</type>
</sid>
</subject>
<allow>1</allow>
</it>
<it><subject> <k>2147483649</k>
<id>ADMIN</id>
<vis>1</vis>
<type>User</type>
<sid> <sid>PS-1-1</sid>
<type>User</type>
</sid>
</subject>
<allow>1</allow>
</it>
<it><subject> <k>545</k>
<id>NEWADMIN</id>
<n>NewAdmin</n>
<vis>1</vis>
<type>User</type>
<sid> <sid>PS-1-545</sid>
<type>User</type>
</sid>
</subject>
<allow>98312</allow>
<deny>16</deny>
<audit>98312</audit>
</it>
</aces>
</discrete>
<mandatory><accessToken> <its />
</accessToken>
</mandatory>
</it>
</its>
</sds>
</objects>
<bisearchEnable>Disable</bisearchEnable>
</meta>
</metaGet>
</SetMbSecResult>
</soapenv:Body>
</soapenv:Envelope>
JSON request:
{
"SetMbSec" :
{
"tMbSec" :
{
"id" : "S1!M"
},
"tArg" :
{
"pattern" :
{
"objects" : "true"
},
"meta" :
{
"objects" :
{
"ods" :
{
"its" :
{
"d" :
{
"@isShortcut" : "false",
"@isLink" : "false",
"@hf" : "false",
"i" : "OBJ2",
"n" : "obj2",
"k" : "535",
"c" : "1537",
"p" : "533",
"h" : "false",
"sdKey" : "544",
"hasPrv" : "false",
"ic" : "false"
}
}
},
"sds" :
{
"its" :
{
"it" :
[
{
"k" : "544",
"isInherited" : "false",
"isSealed" : "false",
"discrete" :
{
"aces" :
{
"it" :
[
{
"subject" :
{
"k" : "2147483649",
"id" : "ADMINISTRATORS",
"n" : "ADMINISTRATORS",
"vis" : "true",
"type" : "Group",
"sid" :
{
"sid" : "PS-2-1",
"type" : "Group"
}
},
"allow" : "1"
},
{
"subject" :
{
"k" : "2147483649",
"id" : "ADMIN",
"vis" : "true",
"type" : "User",
"sid" :
{
"sid" : "PS-1-1",
"type" : "User"
}
},
"allow" : "1"
},
{
"subject" :
{
"k" : "545",
"id" : "NEWADMIN",
"n" : "NewAdmin",
"vis" : "true",
"type" : "User",
"sid" :
{
"sid" : "PS-1-545",
"type" : "User"
}
},
"allow" : "98312",
"deny" : "16",
"audit" : "98312"
}
]
}
},
"mandatory" :
{
"accessToken" :
{
"its" : ""
}
},
"applyFlags" : "0"
}
]
}
}
}
},
"metaGet" :
{
"pattern" :
{
"objects" : "true",
"objectsFilter" :
{
"keys" :
{
"i" : "535"
}
}
}
}
}
}
}
JSON response:
{
"SetMbSecResult" :
{
"id" :
{
"id" : "S1!M"
},
"metaGet" :
{
"id" :
{
"id" : "S1!M"
},
"meta" :
{
"objects" :
{
"ods" :
{
"its" :
{
"d" :
{
"@isShortcut" : "0",
"@isLink" : "0",
"@hf" : "0",
"i" : "OBJ2",
"n" : "obj2",
"k" : "535",
"c" : "1537",
"p" : "533",
"h" : "0",
"sdKey" : "546",
"hasPrv" : "0",
"ic" : "0"
}
}
},
"sds" :
{
"its" :
{
"it" :
[
{
"k" : "546",
"isInherited" : "0",
"isSealed" : "0",
"discrete" :
{
"aces" :
{
"it" :
[
{
"subject" :
{
"k" : "2147483649",
"id" : "ADMINISTRATORS",
"n" : "ADMINISTRATORS",
"vis" : "1",
"type" : "Group",
"sid" :
{
"sid" : "PS-2-1",
"type" : "Group"
}
},
"allow" : "1"
},
{
"subject" :
{
"k" : "2147483649",
"id" : "ADMIN",
"vis" : "1",
"type" : "User",
"sid" :
{
"sid" : "PS-1-1",
"type" : "User"
}
},
"allow" : "1"
},
{
"subject" :
{
"k" : "545",
"id" : "NEWADMIN",
"n" : "NewAdmin",
"vis" : "1",
"type" : "User",
"sid" :
{
"sid" : "PS-1-545",
"type" : "User"
}
},
"allow" : "98312",
"deny" : "16",
"audit" : "98312"
}
]
}
},
"mandatory" :
{
"accessToken" :
{
"its" : ""
}
}
}
]
}
}
},
"bisearchEnable" : "Disable"
}
}
}
}
public static SetMbSecResult ChangeSecurityDescriptor(MbId metabase, MbSubject subject, string objectId)
{
var somClient = new SomPortTypeClient(); //Proxy object for operation execution
//Source description of object security
var objSecDesc = GetObjectSecurityDescriptor(metabase.id, new int[1] {(int)FindObjectById(metabase, objectId).k });
var objects = objSecDesc.meta.objects;
//Object description
var od = objects.ods.its[0];
//Security description
var sd = objects.sds.its[0];
//Source permissions
var aces = new List();
aces.AddRange(sd.discrete.aces);
//New security element that will be added to description
var tAce = new SdAce()
{
//Permissions to change permissions, import, and export.
//Corresponds with MetabaseObjectPredefinedRights.Access + MetabaseObjectPredefinedRights.ExportData + MetabaseObjectPredefinedRights.ImportData
allow = 98312,
//Allowed actions auditing
audit = 98312,
//Delete denial. Corresponds with MetabaseObjectPredefinedRights.Delete
deny = 16,
subject = subject // Security subject, to which element corresponds
};
aces.Add(tAce);
//Update security elements list in description
sd.discrete.aces = aces.ToArray();
//Access permissions update flag
sd.applyFlags = 0;
sd.isInherited = false;
//Operation execution parameters
var setMbSec = new SetMbSec()
{
tArg = new SetMbSecArg()
{
//Operation execution pattern
pattern = new MbSecMdPattern()
{
objects = true,
},
//Metadata that contain description of changed object security description
meta = new MbSecMd()
{
objects = new MbObjects()
{
ods = new Ods()
{
its = new Od[1] { od }
},
sds = new Sds()
{
its = new Sd[1] { sd }
}
}
},
//Parameters for updating users list after operation execution
metaGet = new GetMbSecArg()
{
pattern = new MbSecMdPattern()
{
objects = true,
objectsFilter = new MbSecOdFilter()
{
keys = new int[1] { (int)od.k }
}
}
}
},
//Repository moniker
tMbSec = new MbId() { id = metabase.id}
};
//Change object access permissions
var result = somClient.SetMbSec(setMbSec);
return result;
}