 |
|
| Authorization (ISecurity Interface) |
GetInfo
Retrieves identity information, depending on the value in the INFOTYPE parameter, including the origin of a specified user's privileges, the value of active enterprise policies, and so on.
Category: Generalized authorization methods
Interface version: ISecurity 1.1
| Syntax |
GetInfo("infoType",identity,options,output);
| Parameters |
| Details |
If IDENTITY is an empty string, then "INFOTYPE" requests information for the connected user. If IDENTITY is a credential handle or URN-like identifier, and the connected user is a trusted user, then information is returned for the specified identity. For information about the format of a URN, see Identifying Resources to ISecurity Methods.
The IdentityType:Name form enables clients to obtain identity information when a credential cannot be obtained. This can happen because the associated login is not known or is not available in a particular scenario. An example of this type of scenario is when a client needs to determine whether an identity has extended privileges as a result of membership in the Unrestricted, User Administrator, or Operator roles, but has no way to authenticate the identity using any of the identity's logins. A connected user must have ReadMetadata permission to the requested Identity object in order to obtain information about it. The following are examples of how the IdentityType:Name form is used:
'Person:Jane' 'IdentityGroup:AccountingDept' 'Role:AccountsPayableClerks'
A description of each "INFOTYPE" value and its options follows.
"GetIdentityInfo"
The "GetIdentityInfo" value supports the following option keywords:
- ReturnUnrestrictedSource
-
Returns an additional row in the output array if the specified user is an unrestricted user. Otherwise, an additional row is not returned. When a row is returned, the valid values are the following:
- Role
-
Indicates the user identity is a member of the SAS Metadata Server: Unrestricted role.
- ConfigFile
-
Indicates the user has a login user ID that matches a *userID entry in the adminUsers.txt file.
- Role, ConfigFile
-
Indicates the user is unrestricted from both the Role and ConfigFile sources.
- UserClass
-
Returns one or more of the following values that describe the source of the identity's privileges. When Unrestricted is returned, all of the privileges of Administrator and Operator are assumed. The privileges of Trusted are not assumed.
- Unrestricted
-
Indicates the privilege comes from a *userID entry in the adminUsers.txt file, or from a metadata identity that has membership in the SAS Metadata Server: Unrestricted role.
- Administrator
-
Indicates the privilege comes from a user ID entry in the adminUsers.txt file that does not have an asterisk.
- IdentityAdmin
-
Indicates the privilege comes from a metadata identity that has membership in the SAS Metadata Server: User and Group Administrators role.
- Operator
-
Indicates the privilege comes from a metadata identity that has membership in the SAS Metadata Server: Operator role.
- Normal
-
Indicates the user does not have any special privileges.
- Trusted
-
Indicates the privilege comes from a user ID entry in the trustedUsers.txt file.
- AuthenticatedUserid
-
Returns the domain-qualified user ID used to make the connection to the SAS Metadata Server, or the domain-qualified user ID corresponding to the specified CREDHANDLE.
- IdentityName
-
Returns the Name= value of the Person or IdentityGroup object that corresponds to the authenticated user ID.
- IdentityType
-
Returns Person or IdentityGroup.
- IdentityObjectID
-
Returns the 17-character metadata object identifier of the specified identity.
- UnrestrictedSource
-
Valid values are Role, ConfigFile, or 'Role, ConfigFile'.
"EnterprisePolicies"
The "EnterprisePolicies" value requests enterprise policies. It supports the following option keywords:
- ALL
-
Specifies to return all enterprise policies and their values.
- SASSEC_LOCAL_PW_SAVE
-
Specifies to return the value of the SASSEC_LOCAL_PW_SAVE= server configuration option. This server configuration option specifies whether users can create a local copy of the user ID and password that they submit when they log on to a SAS desktop application. A value of 0 indicates Yes. A value of 1 indicates No.
"SASPW_Alias"
The "SASPW_Alias" value has no option keywords. It returns the AuthenticationDomain alias of the SASPassword authentication provider. The default value is saspw. However, if the AUTHPROVIDERDOMAIN startup option is used to specify a different alias, then this INFOTYPE value returns the alias.
| Exceptions Thrown |
The SAS Open Metadata Interface explicitly returns the following exceptions for the GetInfo method:
-
InvalidCredHandle
-
InvalidInfoType
-
InvalidOptionName
-
InvalidOptionValue
| Examples |
The following is a Java example of a GetInfo method call. The method is issued twice. The first time it is issued, it gets identity information for the connected user. The second time, it gets identity information for a credentialed user. The example includes code that formats and prints the information returned by the two requests:
public void getInfo() throws Exception { try { // Defines the GetIdentityInfo "ReturnUnrestrictedSource" option. final String[][] options ={{"ReturnUnrestrictedSource",""}}; System.out.println(""); // Skip a line System.out.println("<<<< Begin getInfo() >>>>" ); // Defines a stringholder for the info output parameter. VariableArray2dOfStringHolder info = new VariableArray2dOfStringHolder(); // Issues the GetInfo method for the current iSecurity connection user. iSecurity.GetInfo("GetIdentityInfo","", options, info); String[][] returnArray = info.value; System.out.println(); // Specifies a title for the output. System.out.println("<<<<<< getInfo() for ISecurity Connection User >>>>>>"); System.out.println("credHandle=''"); for (int i=0; i< returnArray.length; i++ ) { System.out.println(returnArray[i][0] + "=" + returnArray[i][1]); } // Defines a stringholder for the credential handle. StringHolder credHandle = new StringHolder(); // Issues the GetCredentials method. iSecurity.GetCredentials(testUserId, credHandle); // Issues the GetInfo method for the credentialed user iSecurity.GetInfo("GetIdentityInfo",credHandle.value, options, info); returnArray = info.value; System.out.println(); // Skip one line // Specifies a title to print in the output. System.out.println("<<<<<< getInfo() for Credentialed User >>>>>>"); System.out.println("credHandle=" + credHandle.value); for (int i=0; i< returnArray.length; i++ ) { System.out.println(returnArray[i][0] + "=" + returnArray[i][1]); } // Issues the FreeCredentials method. iSecurity.FreeCredentials(credHandle.value); System.out.println(""); // Skip a line System.out.println("<<<< End getInfo() >>>>" ); } // The following code catches the method's exceptions. catch (Exception e) { System.out.println("GetInfo: Exceptions"); e.printStackTrace(); throw e; } }
Here is the output from the requests:
<<<< Begin getInfo() >>>> <<<<<< getInfo() for ISecurity Connection User >>>>>> credHandle='' UserClass=Unrestricted, Trusted AuthenticatedUserid=TESTUSR7@CARYNT IdentityName=PUBLIC IdentityType=IdentityGroup IdentityObjectID=A5CY5BIY.A3000002 UnrestrictedSource=ConfigFile <<<<<< getInfo() for Credentialed User >>>>>> credHandle=2d91581c00000000 UserClass=IdentityAdmin AuthenticatedUserid=TESTUSER@SASPW IdentityName=testUser IdentityType=Person IdentityObjectID=A5CY5BIY.AN000003 <<<< End getInfo() >>>>
| Related Methods |
|
|
Copyright © 2010 by SAS Institute Inc., Cary, NC, USA. All rights reserved.