Security Administration (ISecurityAdmin Interface)

Overview of the ISecurityAdmin Server Interface

The methods described in this section are provided in the ISecurityAdmin server interface, and can be used in a SAS Open Metadata Interface client that you create to administer authorizations on metadata resources and to manage ACTs.

ISecurityAdmin methods are available only in the standard interface. For more information, see Communicating with the SAS Metadata Server.

ISecurityAdmin contains three categories of methods:

Transaction context methods enable programmers of interactive clients to record user interactions and return correct effective permissions for authorization changes, factoring in group memberships, before applying the changes to authorization metadata on the SAS Metadata Server. The BeginTransactionContext method creates a transaction context by returning a handle for a specified object. General authorization administration methods reference this handle in their requests. The transaction context is closed by using the EndTransactionContext method, which can commit or discard the changes.
General authorization administration methods enable programmers to easily set and get authorizations on resources, list authorized identities on resources, and apply and remove ACTs from resources.
ACT administration methods create, modify, list, and destroy ACTs.

The following information applies to all of the ISecurityAdmin methods.

Errors are surfaced through exception-handling in IOM. Each method returns a set of documented exceptions. Use TRY and CATCH logic in your Java program to determine when an exception is returned. If your client does not need to handle specific exceptions for an ISecurityAdmin method, then the generic Java exception might be caught.
The methods define and get authorizations on user and resource metadata that is defined in SAS Metadata Repositories. User metadata is defined by using the SAS Management Console User Manager plug-in or by extracting user and group definitions from an enterprise source with import macros. Resource metadata can be created with the SAS Java Metadata Interface or other SAS Open Metadata Architecture clients.
The requesting user must have ReadMetadata permission on the target resource to use ISecurityAdmin methods that read access control information. The requesting user must have ReadMetadata and WriteMetadata permissions on the target resource to use ISecurityAdmin methods that modify access control information. These methods include SetAuthorizationsOnObj(), ApplyAccessControlTemplateToObj(), RemoveAccessControlTemplateFromObj(), DestroyAccessControlTemplate(), and SetAccessControlTemplateAttribs(). The requesting user must have WriteMetadata permission on the default ACT of the specified repository to use CreateAccessControlTemplate().
In the examples, iSecurityAdmin is an instantiation of the ISecurityAdmin interface.

Top of Page