|Authorization (ISecurity Interface)|
Returns authorizations for ApplicationActions in a SoftwareComponent object.
Category: Generalized authorization methods
Interface version: ISecurity 1.1
|credHandle||string||in||Credentials handle identifying a user identity, an empty string, or the Name= of a Role in the form ROLE_rolename.|
|applicationContext||string||in||The 17-character metadata object identifier of the SoftwareComponent object representing the application on which the actions are registered.|
Two-dimensional string array with two input columns. Specifies additional
properties to return about granted ApplicationActions. Supported options are
an empty string and the keyword-only options:
Two-dimensional string array with a varying number of output columns,
depending on which OPTIONS are set.
Possible columns include the following:
Column 0: ActionIdentifier
Column 1: PermissionCondition
Column 2: 'Y' - user is granted; otherwise, an empty string
Column 3: Name
Column 4: ActionType
Column 5: ObjectIdentifier
The GetApplicationActionsAuthorizations method returns authorizations based on ApplicationAction objects that are associated with a SoftwareComponent object. These authorizations indicate the actions that a user can perform in the application that is represented by the SoftwareComponent object.
The expected use is that applications define ApplicationAction objects that are valid for their application, as well as for a user context. The GetApplicationActionAuthorizations method lists the ApplicationActions for which the specified user has been granted Execute permission.
When a credential handle is used, the method returns authorizations for the identity that corresponds to the specified handle. If the CREDHANDLE parameter is an empty string, the method returns authorizations for the calling user.
If authorization is requested based on role membership, you should specify the Role name in the form ROLE_rolename. In the string ROLE_rolename:
ROLE_ is a character constant prefix.
rolename is the Name= value of a Role object on the SAS Metadata Server.
The PERMCOND option returns any PermissionCondition objects that have been defined to qualify an authorization.
The ALLATTRS option returns the following attributes about each granted ApplicationAction:
fixed system name of the ApplicationAction
localizable name of the ApplicationAction
optional application-specific descriptor for the ApplicationAction
metadata identifier of the ApplicationAction object
The SAS Open Metadata Interface explicitly returns the following exceptions for the GetApplicationActionsAuthorizations method:
InvalidCredHandle--This exception is also returned when the ROLE_rolename value is invalid or does not exist.