GetIdentitiesOnObj

Short Description

Returns Person, IdentityGroup, and Role objects associated with a specified resource.

Category

General authorization administration methods

Syntax

GetIdentitiesOnObj(tCtxt,resource,flags,id_List);

Parameters

Method Parameters
Parameter
Type
Direction
Description
tCtxt
string
in
Optional handle representing a server-side transaction context.
resource
string
in
Passed resource identifier for the object for which identities are being queried. If TCTXT is used, do not specify a value for RESOURCE.
flags
int
in
SECAD_ACT_CONTENTS
When TCTXT or RESOURCE references an ACT, this flag specifies to return the identities that have permissions defined in the ACT, rather than permissions defined to protect the ACT.
SECAD_RETURN_DISPLAY_NAME
Returns the value of the DisplayName attribute of each identity.
SECAD_RETURN_ROLE_TYPE
When a returned IdentityGroup has a GroupType value of Role, this flag returns the word “Role” in column 1 of the ID_LIST output array.
SECAD_RETURN_IDENTITY_ORIGIN
Returns one or two characters that indicate the origin of each identity.
D
indicates the origin was a direct ACE or ACT defined on the object.
I
indicates an inherited identity, or an identity set in the default ACT.
DI
indicates the identity comes from both direct and inherited origins.
id_List
string array
out
Returned two-dimensional string array of identity values with two to four columns. Each row in the array represents an identity. The content of the columns depends on which flags were set. See the “Details” section for more information.
Column 0:
Contains the value Person, IdentityGroup or Role, indicating the identity type.
Column 1:
Contains the Name attribute value of the identity.
Column 2:
If both the SECAD_RETURN_IDENTITY_ORIGIN and SECAD_RETURN_DISPLAY_NAME flags are set, contains the DisplayName attribute value of the identity. If SECAD_RETURN_DISPLAY_NAME is not set and SECAD_RETURN_IDENTITY_ORIGIN is set, contains a value indicating the origin of the permission.
Column 3:
Contains a value indicating the origin of an identity's permission, or is empty, depending on which flags are set in the GetIdentitiesOnObj request.

Details

The GetIdentitiesOnObj method returns Person, IdentityGroup, and Role objects that have permissions defined on a specified resource. Flags can be set to return the identity's DisplayName value and a value describing the origin of the permission.
When the specified resource is an ACT object, the method lists the identities that are assigned permissions to protect the ACT, unless the SECAD_ACT_CONTENTS flag is set. When this flag is set, the method lists identities that have permissions defined in the ACT.

Exceptions Thrown

The SAS Open Metadata Interface explicitly returns the following exceptions for the GetIdentitiesOnObj method:
  • SECAD_INVALID_TC_HANDLE
  • SECAD_INVALID_RESOURCE_SPEC
  • SECAD_INVALID_ACTION
  • SECAD_NOT_AUTHORIZED

Related Methods

Copyright © SAS Institute Inc. All rights reserved.