
Security Administration (ISecurityAdmin Interface)

GetAuthorizationsOnObj

Returns the authorizations that apply to a resource for specified identities and permissions.

Category: General authorization administration methods


Syntax

GetAuthorizationsOnObj(tCtxt,resource,flags,identities,permissions,authorizations);


Parameters

Parameter Type Direction Description
tCtxt string in Optional handle representing a server-side transaction context.
resource string in Passed resource identifier for the object from which the active permissions are requested. If TCTXT is used, do not specify a value for RESOURCE.
flags int in Passed indicator for optional functionality.
SECAD_ACT_CONTENTS

When TCTXT or RESOURCE references an ACT, this flag returns the authorizations that are defined in the ACT, rather than authorizations that protect the ACT.

SECAD_DO_NOT_RETURN_PERMCOND

Omits PermissionCondition values from column 5 of the AUTHORIZATIONS output array, if associated PermissionCondition objects are found.

SECAD_RETURN_DISPLAY_NAME

Returns the value of each identity's DisplayName= attribute in column 6 of the AUTHORIZATIONS output array.

SECAD_RETURN_ROLE_TYPE

When an IdentityGroup has a GroupType= value of Role, this flag returns the word "Role" in column 1 of the AUTHORIZATIONS output array.

identities string array in Passed two-dimensional string array with two columns. Each row in the array specifies an identity for which permissions are to be queried and returned in the array referenced by the AUTHORIZATIONS parameter. If IDENTITIES is empty, then permissions for all associated identities are returned in the AUTHORIZATIONS output array.
Column 1:

Specify Person, IdentityGroup or Role to indicate the identity type.

Column 2:

Specify the identity's Name= value.

permissions string in Passed string containing zero or more comma-delimited permission names for which authorizations are being queried. If PERMISSIONS is empty, then authorizations on all relevant permissions are returned in the AUTHORIZATIONS output array.
authorizations any array out Returned two-dimensional array with five or six columns. A row is returned for each identity. The order of the rows corresponds to the order of the permissions in the PERMISSIONS parameter. See the "Details" section for more information.
Column 0:

Contains the value Person, IdentityGroup, or Role, indicating the identity type.

Column 1:

Contains the Name= of the identity.

Column 2:

Contains an integer that represents a symbol that indicates Deny or Grant and the origin of the authorization. See the table in the "Details" section for an explanation of the returned values.

Column 3:

Contains a Permission name. For example, ReadMetadata, WriteMetadata, and so on.

Column 4:

Contains a PermissionCondition value for the identity and permission, unless the SECAD_DO_NOT_RETURN_PERMCOND flag is set. If that flag is set, the column is empty or, if the SECAD_RETURN_DISPLAY_NAME flag is also set, contains the value returned for SECAD_RETURN_DISPLAY_NAME.

Column 5:

Contains the DisplayName= value of the identity, if the SECAD_RETURN_DISPLAY_NAME flag is set, and the SECAD_DO_NOT_RETURN_PERMCOND flag is not set. If SECAD_DO_NOT_RETURN_PERMCOND is set, the column is empty.


Details

The GetAuthorizationsOnObj method returns authorizations for the resource specified by the TCTXT or RESOURCE parameter.

Grant or denial of a permission for an identity is indicated by an integer in column 2 of the array that is returned in the AUTHORIZATIONS parameter. Nine integer values are supported, each corresponding to a symbol that indicates the origin of the authorization and whether the permission is granted. The integer values are described in the following table.

Authorization Integer Translation Table

| Integer | Symbol | Permission Type | Description |
|---------|--------|-----------------|-------------|
| 1 | SECAD_PERM_EXPD | Explicit Deny | Deny was specified directly on the object. |
| 2 | SECAD_PERM_EXPG | Explicit Grant | Grant was specified directly on the object. |
| 0x03 | SECAD_PERM_EXPM | Explicit Mask | Mask to extract explicit value. |
| 4 | SECAD_PERM_ACTD | ACT Deny | Deny from an ACT other than the default ACT. |
| 8 | SECAD_PERM_ACTG | ACT Grant | Grant from an ACT other than the default ACT. |
| 0x0C | SECAD_PERM_ACTM | ACT Mask | Mask to extract ACT value. |
| 16 | SECAD_PERM_NDRD | Indirect Deny | Deny from IdentityGroup inheritance or from the default ACT. |
| 32 | SECAD_PERM_NDRG | Indirect Grant | Grant from IdentityGroup inheritance or from the default ACT. |
| 0x30 | SECAD_PERM_NDRM | Indirect Mask | Mask to extract indirect value. |
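
An added example, not part of the SAS documentation or product code: decoding the column 2 integer with the three masks from the translation table, so that an access review can see each origin (explicit, ACT, indirect) separately. It assumes the values can be combined bitwise, as the masks imply, and that each returned row is available as a String[] with the integer as decimal text; the class name, sample identities and sample rows are constructed.

```java
import java.util.ArrayList;
import java.util.List;

public class AuthorizationDecoder {
    // Values and masks from the Authorization Integer Translation Table.
    static final int SECAD_PERM_EXPD = 1, SECAD_PERM_EXPG = 2, SECAD_PERM_EXPM = 0x03;
    static final int SECAD_PERM_ACTD = 4, SECAD_PERM_ACTG = 8, SECAD_PERM_ACTM = 0x0C;
    static final int SECAD_PERM_NDRD = 16, SECAD_PERM_NDRG = 32, SECAD_PERM_NDRM = 0x30;

    // Describe one masked field; returns null when no bit of that origin is set.
    static String field(int value, int mask, int deny, int grant, String origin) {
        int bits = value & mask;
        if (bits == 0) return null;
        if (bits == deny) return origin + " Deny";
        if (bits == grant) return origin + " Grant";
        return origin + " Deny+Grant"; // both bits set; meaning not defined by the table
    }

    // Decode the column 2 integer into the origins it carries.
    static List<String> decode(int value) {
        if ((value & ~(SECAD_PERM_EXPM | SECAD_PERM_ACTM | SECAD_PERM_NDRM)) != 0)
            throw new IllegalArgumentException("bits outside the documented masks: " + value);
        List<String> out = new ArrayList<>();
        String[] parts = {
            field(value, SECAD_PERM_EXPM, SECAD_PERM_EXPD, SECAD_PERM_EXPG, "Explicit"),
            field(value, SECAD_PERM_ACTM, SECAD_PERM_ACTD, SECAD_PERM_ACTG, "ACT"),
            field(value, SECAD_PERM_NDRM, SECAD_PERM_NDRD, SECAD_PERM_NDRG, "Indirect")
        };
        for (String p : parts) if (p != null) out.add(p);
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample rows laid out like the AUTHORIZATIONS array
        // (columns 0-3: identity type, name, integer, permission); not real output.
        String[][] rows = {
            {"Person", "sampleUser", "2", "ReadMetadata"},
            {"IdentityGroup", "sampleGroup", "36", "WriteMetadata"},
            {"IdentityGroup", "sampleGroup", "16", "ReadMetadata"}
        };
        for (String[] r : rows) {
            List<String> origins = decode(Integer.parseInt(r[2]));
            System.out.println(r[0] + " " + r[1] + " / " + r[3] + ": " + origins);
        }
    }
}
```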


Exceptions Thrown

The SAS Open Metadata Interface explicitly returns the following exceptions for the GetAuthorizationsOnObj method:


Examples

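The following code fragment shows how an ISecurityAdmin method is issued in a Java environment. The wrapper shown here calls GetAccessControlTemplateList; GetAuthorizationsOnObj is issued through the same iSecurityAdmin object.

    public void getAccessControlTemplateList(String transCtxt, String repositorySpec,
            int options, VariableArray2dOfStringHolder ACTlist) throws Exception {
        try {
            // Forward the call to the ISecurityAdmin interface.
            iSecurityAdmin.GetAccessControlTemplateList(
                transCtxt,
                repositorySpec,
                options,
                ACTlist
            );
        } catch (Exception e) {
            // Report the failure, then rethrow so the caller can handle it.
            System.out.println("GetAccessControlTemplateList: Exceptions");
            e.printStackTrace();
            throw e;
        }
    }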

The example issues the GetAuthorizationsOnObj method to get the inherited authorizations on a table that is identified by Table_URN.

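    public void testAuthsOnTable() throws Exception {
        try {
            // Get existing authorizations on the table.
            iSecurityAdmin.GetAuthorizationsOnObj(
                "",           // tCtxt: no transaction context, so RESOURCE is used
                Table_URN,    // resource: identifier of the table
                0,            // flags: no optional functionality
                Identities,   // identities: rows of identity type and Name= value
                Permissions,  // permissions: comma-delimited permission names
                authRslt      // authorizations: output array
            );
        } catch (Exception e) {
            // Propagate any exception to the caller unchanged.
            throw e;
        }
    }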


Related Methods
