Previous Page | Next Page

Security Administration (ISecurityAdmin Interface)

SetAuthorizationsOnObj

Sets permissions for identities on a resource.

Category: General authorization administration methods

Syntax

SetAuthorizationsOnObj(tCtxt,resource,flags,authorizations);

Parameters

Parameter Type Direction Description
tCtxt string in Optional handle representing a server-side transaction context.
resource string in Passed resource identifier for the object for which authorizations are defined. If TCTXT is used, do not specify a value for RESOURCE.
flags int in
SECAD_ACT_CONTENTS

When TCTXT or RESOURCE references an ACT, this flag specifies to apply the authorizations to the ACT's content, rather than to the authorizations that protect the ACT.
authorizations string array in Passed two-dimensional string array with five columns. Each row in the array represents a permission being set for an identity. See the "Details" section for more information.
Column 0:

Specify Person, IdentityGroup, or Role, indicating the identity's type.

Column 1:

Specify the identity's Name= value.

Column 2:

Specify a permission directive: D for Deny, G for Grant, or R for Remove.

Column 3:

Specify a Permission name. For example, Read, Write, and so on. Caution: If you specify R in column 2 and leave column 3 empty, then all permissions will be removed for the identity that is identified in columns 0 and 1.

Column 4:

Specify a permission condition for the identity and permission, or leave empty.

Details

The SetAuthorizationsOnObj method adds or removes permissions for an identity on a resource. The TCTXT or RESOURCE parameter and the AUTHORIZATIONS parameter are required. Other parameters can have a null value.

TCTXT or RESOURCE can specify an application metadata object or an ACT. When RESOURCE is an ACT, be aware that the SECAD_ACT_CONTENTS flag changes the behavior of the method. When this flag is set, the permission changes that you specified in AUTHORIZATIONS are applied to the contents that define the ACT. As a result, the changes affect all objects with which the ACT is associated. When this flag is not set, the permission changes are applied to the authorizations that protect the ACT object.

Use the AUTHORIZATIONS string to specify which identities are affected and the permissions that should be added or removed. The method uses this input to define or modify ACT and ACE objects on the SAS Metadata Server. Any permission conditions that you specify define or modify PermissionCondition objects.

The SetAuthorizationsOnObj method fails if the requesting user does not have ReadMetadata and WriteMetadata permissions on the target resource.

Exceptions Thrown

The SAS Open Metadata Interface explicitly returns the following exceptions for the SetAuthorizationsOnObj method:

Examples

The following code fragment shows how the SetAuthorizationsOnObj method is issued in a Java environment: 

		public void setAuthorizationsOnObj(String transCtxt, String resource, int options, 
String[][] auths ) throws Exception {

			try
			{
				iSecurityAdmin.SetAuthorizationsOnObj(transCtxt, resource, options, auths);
			}
			catch (Exceptions e) {
				System.out.println("SetAuthorizationsOnObj:  Exceptions");
				e.printStackTrace();
				throw e;
			}
}

The following example issues the SetAuthorizationsOnObj to define authorizations in a predefined ACT identified as ACTspec. 

public void defineACT() throws Exception {               
        // Authorizations to place in the ACT
        final String[][] ACTauths = 
                             {{"IdentityGroup", Public, "D", "ReadMetadata", ""},
                              {"IdentityGroup", Public, "D", "WriteMetadata", ""},
                              {"Person", testUserName, "G", "ReadMetadata", ""},
                              {"Person", testUserName, "G", "WriteMemberMetadata",""},
                              {"Person", testUserName, "G", "CheckinMetadata", ""}};
                        
        try {
         // Set the authorizations defined in ACTauths on the ACT identified 
         // by ACTspec. Note that tCtxt is null, because resource has a value.          
 iSecurityAdmin. setAuthorizationsOnObj(
           "",
           ACTspec,
           ISecurityAdmin.SECAD_ACT_CONTENTS,
           ACTauths
           );
         }
        catch (Exception e ){
                throw e;
        }
}

Related Methods

Previous Page | Next Page | Top of Page

Copyright © 2010 by SAS Institute Inc., Cary, NC, USA. All rights reserved.