Authorization (ISecurity Interface)

GetApplicationActionsAuthorizations

Returns authorizations for ApplicationActions in a SoftwareComponent object.

Category: Generalized authorization methods

Interface version: ISecurity 1.1

GetApplicationActionsAuthorizations(credHandle,applicationContext,options,output);

Parameters

Parameter	Type	Direction	Description
credHandle	string	in	Credentials handle identifying a user identity, an empty string, or the Name= of a Role in the form ROLE_rolename.
applicationContext	string	in	The 17-character metadata object identifier of the SoftwareComponent object representing the application on which the actions are registered.
options	string array	in	Two-dimensional string array with two input columns. Specifies additional properties to return about granted ApplicationActions. Supported options are an empty string and the keyword-only options: PERMCOND requests to return any permission conditions that are defined. ALLATTRS requests to return all attributes. An empty string indicates that no additional properties are requested.
output	string array	out	Two-dimensional string array with a varying number of output columns, depending on which OPTIONS are set. Possible columns include the following: Column 0: ActionIdentifier Column 1: PermissionCondition Column 2: 'Y' - user is granted; otherwise, an empty string Column 3: Name Column 4: ActionType Column 5: ObjectIdentifier

Details

The GetApplicationActionsAuthorizations method returns authorizations based on ApplicationAction objects that are associated with a SoftwareComponent object. These authorizations indicate the actions that a user can perform in the application that is represented by the SoftwareComponent object.

The expected use is that applications define ApplicationAction objects that are valid for their application, as well as for a user context. The GetApplicationActionAuthorizations method lists the ApplicationActions for which the specified user has been granted Execute permission.

When a credential handle is used, the method returns authorizations for the identity that corresponds to the specified handle. If the CREDHANDLE parameter is an empty string, the method returns authorizations for the calling user.

If authorization is requested based on role membership, you should specify the Role name in the form ROLE_rolename. In the string ROLE_rolename:

ROLE_ is a character constant prefix.
rolename is the Name= value of a Role object on the SAS Metadata Server.

The PERMCOND option returns any PermissionCondition objects that have been defined to qualify an authorization.

The ALLATTRS option returns the following attributes about each granted ApplicationAction:

ActionIdentifier	fixed system name of the ApplicationAction
Name	localizable name of the ApplicationAction
ActionType	optional application-specific descriptor for the ApplicationAction
ObjectIdentifier	metadata identifier of the ApplicationAction object

Exceptions Thrown

The SAS Open Metadata Interface explicitly returns the following exceptions for the GetApplicationActionsAuthorizations method:

NotTrustedUser
InvalidCredHandle--This exception is also returned when the ROLE_rolename value is invalid or does not exist.
InvalidResourceSpec

Related Methods

IsInRole

Top of Page