| Security Administration (ISecurityAdmin Interface) |
Returns Person, IdentityGroup, and Role objects associated with a specified
resource.
Category: General authorization administration methods
GetIdentitiesOnObj(tCtxt,resource,flags,id_List);
|
Parameter |
Type |
Direction |
Description |
|
tCtxt |
string |
in |
Optional handle representing a server-side transaction context. |
|
resource |
string |
in |
Passed resource identifier for the object for which identities are being
queried. If TCTXT is used, do not specify a value for RESOURCE. |
|
flags |
int |
in |
- SECAD_ACT_CONTENTS
-
When TCTXT or RESOURCE references an ACT, this flag specifies
to return the identities that have permissions defined in the ACT, rather
than permissions defined to protect the ACT.
- SECAD_RETURN_DISPLAY_NAME
-
Returns the value of the DisplayName= attribute of each
identity.
- SECAD_RETURN_ROLE_TYPE
-
When a returned IdentityGroup has a GroupType= value of
Role, this flag returns the word "Role" in column 1 of the ID_LIST
output array.
- SECAD_RETURN_IDENTITY_ORIGIN
-
Returns one or two characters that indicate the origin of
each identity.
-
D--indicates the origin was a direct ACE or ACT defined on
the object.
-
I--indicates an inherited identity, or an identity set in
the default ACT.
-
DI--indicates the identity comes from both direct and inherited
origins.
|
|
id_List |
string array |
out |
Returned two-dimensional string array of identity values with two to
four columns. Each row in the array represents an identity. The content of
the columns depends on which flags were set. See the "Details"
section for more information.
- Column 0:
-
Contains the value Person, IdentityGroup or Role, indicating
the identity type.
- Column 1:
-
Contains the Name= value of the identity.
- Column 2:
-
If both the SECAD_RETURN_IDENTITY_ORIGIN and SECAD_RETURN_DISPLAY_NAME
flags are set, contains the DisplayName= value of the identity. If SECAD_RETURN_DISPLAY_NAME
is not set and SECAD_RETURN_IDENTITY_ORIGIN is set, contains a value indicating
the origin of the permission.
- Column 3:
-
Contains a value indicating the origin of an identity's
permission, or is empty, depending on which flags are set in the GetIdentitiesOnObj
request.
|
The GetIdentitiesOnObj method returns Person, IdentityGroup, and Role
objects that have permissions defined on a specified resource. Flags can be
set to return the identity's DisplayName= value and a value describing the
origin of the permission.
When the specified resource is an ACT object, the method lists the identities
that are assigned permissions to protect the ACT, unless the SECAD_ACT_CONTENTS
flag is set. When this flag is set, the method lists identities that have
permissions defined in the ACT.
The SAS Open Metadata Interface explicitly returns the following exceptions
for the GetIdentitiesOnObj method:
Copyright © 2010 by SAS Institute Inc., Cary, NC, USA. All rights reserved.
