SetAuthorizationsOnObj :: SAS(R) 9.3 Open Metadata Interface: Reference and Usage

Short Description

Sets permissions for identities on a resource.

Syntax

SetAuthorizationsOnObj(tCtxt,resource,flags,authorizations);

Parameters

Method Parameters

Parameter	Type	Direction	Description
tCtxt	string	in	Optional handle representing a server-side transaction context.
resource	string	in	Passed resource identifier for the object for which authorizations are defined. If TCTXT is used, do not specify a value for RESOURCE.
flags	int	in	SECAD_ACT_CONTENTS When TCTXT or RESOURCE references an ACT, this flag specifies to apply the authorizations to the ACT's content, rather than to the authorizations that protect the ACT.
authorizations	string array	in	Passed two-dimensional string array with five columns. Each row in the array represents a permission being set for an identity. See the “Details” section for more information. Column 0: Specify Person, IdentityGroup, or Role, indicating the identity's type. Column 1: Specify the identity's Name attribute value. Column 2: Specify a permission directive: D for Deny, G for Grant, or R for Remove. Column 3: Specify a Permission name. For example, Read, Write, and so on. Caution: If you specify R in column 2 and leave column 3 empty, then all permissions will be removed for the identity that is identified in columns 0 and 1. Column 4: Specify a permission condition for the identity and permission, or leave empty.

Details

The SetAuthorizationsOnObj method adds or removes permissions for an identity on a resource. The TCTXT or RESOURCE parameter and the AUTHORIZATIONS parameter are required. Other parameters can have a null value.

TCTXT or RESOURCE can specify an application metadata object or an ACT. When RESOURCE is an ACT, be aware that the SECAD_ACT_CONTENTS flag changes the behavior of the method. When this flag is set, the permission changes that you specified in AUTHORIZATIONS are applied to the contents that define the ACT. As a result, the changes affect all objects with which the ACT is associated. When this flag is not set, the permission changes are applied to the authorizations that protect the ACT object.

Use the AUTHORIZATIONS string to specify which identities are affected and the permissions that should be added or removed. The method uses this input to define or modify ACT and ACE objects on the SAS Metadata Server. Any permission conditions that you specify define or modify PermissionCondition objects.

The SetAuthorizationsOnObj method fails if the requesting user does not have ReadMetadata and WriteMetadata permissions on the target resource.

Exceptions Thrown

The SAS Open Metadata Interface explicitly returns the following exceptions for the SetAuthorizationsOnObj method:

SECAD_INVALID_TC_HANDLE
SECAD_INVALID_RESOURCE_SPEC
SECAD_INVALID_ACTION
SECAD_INVALID_IDENTITY_SPEC
SECAD_IDENTITY_DOES_NOT_EXIST
SECAD_INVALID_PERMISSION_SPEC
SECAD_NOT_AUTHORIZED

Examples

The following code fragment shows how the SetAuthorizationsOnObj method is issued in a Java environment:

public void setAuthorizationsOnObj(String transCtxt, String resource, int options, 
String[][] auths ) throws Exception {

		try
		{
			iSecurityAdmin.SetAuthorizationsOnObj(transCtxt, 
                                                resource, 
                                                options, 
                                                auths
                                                );
		}
		catch (Exceptions e) {
			System.out.println("SetAuthorizationsOnObj:  Exceptions");
			e.printStackTrace();
			throw e;
		}
}

The following example issues the SetAuthorizationsOnObj to define authorizations in a predefined ACT identified as ACTspec.

public void defineACT() throws Exception {               
        // Authorizations to place in the ACT
        final String[][] ACTauths = 
                             {{"IdentityGroup", Public, "D", "ReadMetadata", ""},
                              {"IdentityGroup", Public, "D", "WriteMetadata", ""},
                              {"Person", testUserName, "G", "ReadMetadata", ""},
                              {"Person", testUserName, "G", "WriteMemberMetadata",""},
                              {"Person", testUserName, "G", "CheckinMetadata", ""}};
                        
        try {
         // Set the authorizations defined in ACTauths on the ACT identified by ACTspec.
         // Note that tCtxt is null, because resource has a value.          
 iSecurityAdmin. setAuthorizationsOnObj("", ACTspec, ISecurityAdmin.SECAD_ACT_CONTENTS, 
ACTauths);
         }
        catch (Exception e ){
                throw e;
        }
}

SetAuthorizationsOnObj