Public Attributes
Description - Description of the role.
GrantedRoles - Roles assigned to the Role.
Name - Role Name.
Resources - Resource/Permission pairs the role holds.
Private Attributes
__ForceSave - Used to force a save of the object.
Define the security Role database, and methods which manipulate them.
The system includes a set of pre-defined System roles. System roles cannot be deleted. Legacy system roles may be deleted.
Role names have the following properties:
1) Role names are case insensitive.
2) Maximum length of a role name is 64 characters.
3) Role name cannot contain a "," or ":".
4) Role name cannot start with a "%" unless it is a pre-defined system role.
A role may exist which has no resources.
DB_* implicit roles cannot be modified.
The Admin Secure:USE permission is required to operate on a resource.
The table for this class should be manipulated only through object access, the published APIs, or the System Management Portal. It should not be updated through direct SQL access.

static
Copy a Role.
Copy an existing role in the Security database to a new one.
Parameters:
Name - Name of the role to be copied
NewName - Name of the role to be created
Description - Description of the new role

static
CopySQLPrivileges will copy SQL Admin Privileges and SQL Object Privileges from pFromRole to pToRole.
Parameters:
pFromRole - Name of the role to copy SQL privileges from
pToRole - Name of the role to copy SQL privileges to
pNamespaceList - A $Lb(namespace names). If pNamespaceList is not specified or is "", the copy will be performed for ALL namespaces. Otherwise, supply a specific list of the namespaces you want to copy the privileges for.
The privilege will be copied with the SAME grantor and grantee. This means that if UserA granted a privilege to UserB, and UserC calls CopySQLPrivileges to copy privileges from UserB to UserD, the privileges UserD gets will have been granted by UserA. You must have the Admin_Secure resource in order to call this API. CopySQLPrivileges returns a Status code.

static
Create a Role.
Create a Role in the Security database.
Parameters:
Name - Name of the role to create
Description - Description of the role
Resources - Resource/permission pairs to assign to the role
Resources are in the format:
ResourceName:Permission,ResourceName:Permission
For example:
s Resources="MyResource:RW,MyResource1:RWU"
s Resources="" would create a role with no resources.
Permission values are as follows:
"R"
"W"
"U"
GrantedRoles - Additional roles granted when this role is granted to a user
GrantedRoles are in the format:
"GrantedRole1,GrantedRole2"
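Added example, not part of the original documentation: a Python pre-flight check that applies the role-name rules and the Resources and GrantedRoles formats described above to a proposed role before it is passed to Create. The function names, the empty-name check and the sample role names are assumptions of this sketch.

```python
MAX_ROLE_NAME = 64        # rule 2: maximum length of a role name
VALID_PERMS = set("RWU")  # permission values listed for Resources


def check_role_name(name, system_role=False):
    """Return the naming rules a role name breaks (empty list = valid)."""
    errors = []
    if not name:
        errors.append("empty name")  # assumption: not stated on the page
    if len(name) > MAX_ROLE_NAME:
        errors.append("longer than 64 characters")
    if "," in name or ":" in name:
        errors.append('contains "," or ":"')
    if name.startswith("%") and not system_role:
        errors.append('starts with "%" but is not a pre-defined system role')
    return errors


def parse_resources(spec):
    """Parse "Res:Perm,Res:Perm" into {resource: set of perms}; "" gives {}."""
    parsed = {}
    for pair in (spec.split(",") if spec else []):
        resource, sep, perms = pair.partition(":")
        if not (sep and resource and perms):
            raise ValueError(f"malformed pair {pair!r}")
        bad = sorted(set(perms) - VALID_PERMS)
        if bad:
            raise ValueError(f"unknown permission {bad} in {pair!r}")
        parsed.setdefault(resource, set()).update(perms)
    return parsed


def lint_role(name, resources, granted_roles="", existing=()):
    """Collect every problem with a proposed role before it is created."""
    problems = check_role_name(name)
    # Names are case insensitive, so "auditor" collides with "Auditor".
    if name.lower() in {r.lower() for r in existing}:
        problems.append("collides with an existing role name")
    try:
        parse_resources(resources)
    except ValueError as exc:
        problems.append(str(exc))
    for granted in (granted_roles.split(",") if granted_roles else []):
        # A granted role may itself be a pre-defined system role.
        problems += [f"granted role {granted!r}: {e}"
                     for e in check_role_name(granted, system_role=True)]
    return problems
```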

static
Delete a role.
This method will delete a role from the security database and remove the role from all the users which hold this role. It will then update the in memory security database to mark this role as "No access" for all resources this role holds. Pre-defined system roles cannot be deleted.
Parameters:
Name - Name of role to delete

static
Role exists.
This method checks for the existence of a role in the security database.
Parameters:
Name - Name of the role to check existence of
Return values:
If Value of the method = 0 (Role does not exist, or some error occurred)
Role = Null
Status = Role "x" does not exist, or other error message
If Value of the method = 1 (Role exists)
Role = Object handle to role
Status = $$$OK

static
This method exports Role records to a file in xml format.
Parameters:
Filename - Output file name
NumExported (byref) - Returns number of records exported.
Roles - Comma separated list of Roles to export, "*" = All
Resources - Comma separated list of Resource names, "*" = All. Export Roles containing only these resources
SQLPrivileges - 1/0 flag. If 1, export all SQL Privileges from all namespaces on this system that have been directly granted to this Role
NumSQLPrivilegesExported (byref) - Returns number of SQL Privileges and SQL Admin Privilege Set records exported
Note: Database roles starting with DB_ will not be exported.

static
Get a role's properties.
Gets a role's properties from the security database.
Parameters:
Name - Name of the role to get
Return values:
Properties - Array of properties
Properties("Description") - Description of the role
Properties("Resources") - Resource names/permission pairs
Resources are in the format:
ResourceName:Permission,ResourceName:Permission
For example:
Properties("Resources")="MyResource:RW,MyResource1:RWU"
Properties("GrantedRoles")=List of granted roles
For example:
Properties("GrantedRoles")="GrantedRole,GrantedRole1"
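Added example, not part of the original documentation: an offline audit over Properties arrays in the format Get returns, computing the resources a user actually receives from a role once its GrantedRoles are followed. It assumes granted roles are expanded transitively and permissions are merged as a union; the role data and function names are constructed for illustration.

```python
def parse_pairs(spec):
    """ "Res:RW,Res1:U" -> {"Res": {"R", "W"}, "Res1": {"U"}}; "" -> {} """
    out = {}
    for pair in filter(None, spec.split(",")):
        resource, _, perms = pair.partition(":")
        out.setdefault(resource, set()).update(perms)
    return out


def effective_resources(role, roles):
    """Union of permissions reachable from `role` through GrantedRoles.

    `roles` maps each role name to its Properties array (a dict here).
    """
    # Role names are case insensitive, so index them in lower case.
    index = {name.lower(): props for name, props in roles.items()}
    seen, stack, merged = set(), [role.lower()], {}
    while stack:
        current = stack.pop()
        if current in seen or current not in index:
            continue  # defensive: already visited (cycle) or not in the data
        seen.add(current)
        props = index[current]
        for res, perms in parse_pairs(props.get("Resources", "")).items():
            merged.setdefault(res, set()).update(perms)
        granted = props.get("GrantedRoles", "")
        stack.extend(g.lower() for g in filter(None, granted.split(",")))
    return merged


def over_privileged(role, roles, allowed):
    """Return {resource: extra perms} held beyond the `allowed` baseline."""
    extra = {}
    for res, perms in effective_resources(role, roles).items():
        surplus = perms - allowed.get(res, set())
        if surplus:
            extra[res] = surplus
    return extra


# Constructed sample: AppReader looks read-only until AppOps is followed.
ROLES = {
    "AppReader": {"Resources": "MyResource:R", "GrantedRoles": "AppOps"},
    "AppOps": {"Resources": "MyResource:RW,MyResource1:RWU",
               "GrantedRoles": "appreader"},
}
```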

static
Get a role's properties.
Gets a role's properties from the security database.
Parameters:
Role - Object handle to a role record
Return values:
Properties - See the Get method for more information on properties returned

static
Import Role records from an xml file.
Parameters:
FileName - Filename to import Role records from
NumImported (byref) - Returns number of records imported
Flags - Control import
Bit 0 - Do not import records, just return count
Note: On failure, no records will be imported

static
Modify a role.
Modify an existing role's properties in the security database.
Parameters:
Name - Name of the role to modify
Properties - Array of properties to modify.
See the Get() method for a description of the Properties parameter.
Properties("Resources")="" removes all resources from a role.
If a specific property is not passed in the properties array, the value is not modified.

static
Rename a role, and update all associated tables.