Previous Page

|

Next Page

Authorization (ISecurity Interface)

GetAuthorizationsforObjects

Gets authorizations for a specified set of objects and permissions.

Category: Generalized authorization methods

Interface version: ISecurity 1.1

Syntax

GetAuthorizationsforObjects(credHandle,permissions,resources,permMask,GRANT,
conditionNDXs,conditionPermMasks,conditions);

Parameters

Parameter	Type	Direction	Description
credHandle	string	in	Credential handle identifying a user identity, or an empty string.
permissions	string array	in	Permissions for which authorizations are requested for the resources in the RESOURCES parameter. See the "Details" section for an example.
resources	string array	in	A one-dimensional string array containing passed resource identifiers. See the "Details" section for an example.
permMask	integer array	in	A one-dimensional integer array, where each element corresponds positionally to each resource in the RESOURCES array, and each bit in an element corresponds positionally to each permission in the PERMISSIONS array. Each PERMMASK element is a bit pattern where 1 in a bit position means that the permission in the PERMISSIONS array is enforced for the corresponding object. A 0 in a bit position means that the GetAuthorizationsforObjects method should ignore the corresponding permission. See the "Details" section for an example.
GRANT	integer array	out	A one-dimensional integer array, where each element corresponds positionally to each resource in the RESOURCES array, and each bit in an element corresponds positionally to each permission in the PERMISSIONS array. Each GRANT element is a bit pattern, where 1 in a bit position means that the permission in the PERMISSIONS array is granted for the corresponding object. A 0 in a bit position means that the permission is denied or not selected for enforcement in the PERMMASK for the corresponding object.
conditionNDXs	integer array	out	A one-dimensional integer array, where each element corresponds positionally to each PermissionCondition in the CONDITIONS array. Each CONDITIONNDXS element value is the index into the RESOURCES array for which the PermissionCondition in the CONDITIONS array corresponds. If no PermissionConditions are returned for any of the resources, then the CONDITIONNDXS array is empty.
conditionPermMasks	integer array	out	A one-dimensional integer array, where each element corresponds positionally to each index in the CONDITIONNDXS and CONDITIONS arrays. Each CONDITIONPERMMASKS element is a bit pattern, where 1 in a bit position means that the corresponding permission in the PERMISSIONS array has a PermissionCondition. If no PermissionCondition objects are returned for any of the resources, then the CONDITIONPERMMASKS array is empty. The CONDITIONPERMMASKS array lists the permissions for which PermissionCondition objects were returned for the resource referenced in the corresponding element in the CONDITIONNDXS array.
conditions	string array	out	A one-dimensional string array, where each element corresponds positionally to each permission in the CONDITIONNDXs and CONDITIONPERMMASKS arrays and contains a returned PermissionCondition value. If no PermissionCondition objects are returned for any of the resources, then the CONDITIONS array is empty.

Details

The GetAuthorizationsforObject method reduces the number of calls to the SAS Metadata Server for authorization decisions that require permissions on multiple metadata objects to be evaluated. For the specified set of metadata objects and a corresponding set of permissions (which can be different for each object), the method returns GRANT or a null value, and any PermissionCondition objects that are associated with a GRANT. A null value indicates that the permission was denied or not specified for the object.

When an empty string is passed in CREDHANDLE, the method evaluates authorizations for the calling user.

This is an example of a PERMISSIONS array:

{ "Read", "Write", "Create Table", "Select" } 

For information about the format of a resource identifier, see Identifying Resources to ISecurity Methods.

This is an example of a RESOURCES array:

{ 
"OMSOBJ:Library/A5DRX6L4.AQ000001", 
"OMSOBJ:Table/A5DRX6L4.AT000001",

"OMSOBJ:Column/A5DRX6L4.AU000006", 
"OMSOBJ:Column/A5DRX6L4.AU000007" 
} 

This is an example of a PERMMASK array:

{  7, 15, 1,  2 }

Using information from the previous examples, the PERMMASK array indicates the following:

• the Read, Write, and Create Table permissions are enforced for OMSOBJ:Library/A5DRX6L4.AQ000001

• the Read, Write, Create Table, and Select permissions are enforced for "OMSOBJ:Table/A5DRX6L4.AT000001"

• the Read permission is enforced for OMSOBJ:Column/A5DRX6L4.AU000006

• the Write permission is enforced for OMSOBJ:Column/A5DRX6L4.AU000007

Exceptions Thrown

The SAS Open Metadata Interface explicitly returns the following exceptions for the GetAuthorizationsforObjects method:

• InvalidCredHandle

• PermissionDoesNotExist

• InvalidObjectSpecification

• ObjectDoesNotExist

• InvalidPermMask

Related Methods

• GetAuthorizations

• GetApplicationActionsAuthorizations

Previous Page

|

Next Page

|

Top of Page

Copyright © 2010 by SAS Institute Inc., Cary, NC, USA. All rights reserved.