GetAuthorizationsOnObj

Short Description

Returns the authorizations that apply to a resource for specified identities and permissions.

Category

General authorization administration methods

Syntax

GetAuthorizationsOnObj(tCtxt,resource,flags,identities,permissions,authorizations);

Parameters

Method Parameters

| Parameter | Type | Direction | Description |
|---|---|---|---|
| tCtxt | string | in | Optional handle representing a server-side transaction context. |
| resource | string | in | Passed resource identifier for the object from which the active permissions are requested. If TCTXT is used, do not specify a value for RESOURCE. |
| flags | int | in | Passed indicator for optional functionality. The supported flags are listed below. |
| identities | string array | in | Passed two-dimensional string array with two columns. Each row in the array specifies an identity for which permissions are to be queried and returned in the array referenced by the AUTHORIZATIONS parameter. If IDENTITIES is empty, then permissions for all associated identities are returned in the AUTHORIZATIONS output array. The columns are listed below. |
| permissions | string | in | Passed string containing zero or more comma-delimited permission names for which authorizations are being queried. If PERMISSIONS is empty, then authorizations on all relevant permissions are returned in the AUTHORIZATIONS output array. |
| authorizations | any array | out | Returned two-dimensional array with five or six columns. A row is returned for each identity. The order of the rows corresponds to the order of the permissions in the PERMISSIONS parameter. The columns are listed below. See the “Details” section for more information. |

Flags for the FLAGS parameter:
  • SECAD_ACT_CONTENTS: When TCTXT or RESOURCE references an ACT, this flag returns the authorizations that are defined in the ACT, rather than authorizations that protect the ACT.
  • SECAD_DO_NOT_RETURN_PERMCOND: Omits PermissionCondition values from column 5 of the AUTHORIZATIONS output array, if associated PermissionCondition objects are found.
  • SECAD_RETURN_DISPLAY_NAME: Returns the value of each identity's DisplayName attribute in column 6 of the AUTHORIZATIONS output array.
  • SECAD_RETURN_ROLE_TYPE: When an IdentityGroup has a GroupType value of Role, this flag returns the word “Role” in column 1 of the AUTHORIZATIONS output array.

Columns of the IDENTITIES array:
  • Column 1: Specify Person, IdentityGroup or Role to indicate the identity type.
  • Column 2: Specify the identity's Name attribute value.

Columns of the AUTHORIZATIONS array:
  • Column 0: Contains the value Person, IdentityGroup, or Role, indicating the identity type.
  • Column 1: Contains the Name attribute value of the identity.
  • Column 2: Contains an integer that represents a symbol that indicates Deny or Grant and the origin of the authorization. See the table in the “Details” section for an explanation of the returned values.
  • Column 3: Contains a Permission name. For example, ReadMetadata, WriteMetadata, and so on.
  • Column 4: Contains a PermissionCondition value for the identity and permission, unless the SECAD_DO_NOT_RETURN_PERMCOND flag is set. If this flag is set, the column is empty or contains the results of the SECAD_RETURN_DISPLAY_NAME flag, if the SECAD_RETURN_DISPLAY_NAME flag is set.
  • Column 5: Contains the DisplayName attribute value of the identity, if the SECAD_RETURN_DISPLAY_NAME flag is set, and the SECAD_DO_NOT_RETURN_PERMCOND flag is not set. If SECAD_DO_NOT_RETURN_PERMCOND is set, the column is empty.

Details

The GetAuthorizationsOnObj method returns authorizations for the resource specified by the TCTXT or RESOURCE parameter.
Grant or denial of a permission for an identity is indicated by an integer in column 2 of the array that is returned in the AUTHORIZATIONS parameter. Nine integer values are supported, each of which corresponds to a symbol that indicates the origin of the authorization and whether the permission is granted. The integer values are described in the following table.
Authorization Integer Translation Table

| Integer | Symbol | Permission Type | Description |
|---|---|---|---|
| 1 | SECAD_PERM_EXPD | Explicit Deny | Deny was specified directly on the object. |
| 2 | SECAD_PERM_EXPG | Explicit Grant | Grant was specified directly on the object. |
| 0x03 | SECAD_PERM_EXPM | Explicit Mask | Mask to extract explicit value. |
| 4 | SECAD_PERM_ACTD | ACT Deny | Deny from an ACT other than the default ACT. |
| 8 | SECAD_PERM_ACTG | ACT Grant | Grant from an ACT other than the default ACT. |
| 0x0C | SECAD_PERM_ACTM | ACT Mask | Mask to extract ACT value. |
| 16 | SECAD_PERM_NDRD | Indirect Deny | Deny from IdentityGroup inheritance or from the default ACT. |
| 32 | SECAD_PERM_NDRG | Indirect Grant | Grant from IdentityGroup inheritance or from the default ACT. |
| 0x30 | SECAD_PERM_NDRM | Indirect Mask | Mask to extract indirect value. |
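The following added example (not SAS-supplied code) decodes the column 2 integer with the three masks from the table, so that an access review can show where each Grant or Deny comes from. It assumes that column 2 arrives as a numeric object and that one value can carry bits for more than one origin, as the mask symbols suggest; the class name, the shortened constant names, and the sample rows are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class AuthorizationDecoder {
    // Integer values from the Authorization Integer Translation Table.
    static final int EXPD = 1, EXPG = 2, EXPM = 0x03;    // explicit
    static final int ACTD = 4, ACTG = 8, ACTM = 0x0C;    // ACT other than default
    static final int NDRD = 16, NDRG = 32, NDRM = 0x30;  // indirect

    // Isolate one origin's bits with its mask, then compare to Deny/Grant.
    static void addOrigin(List<String> out, int value, int mask,
                          int deny, int grant, String label) {
        int bits = value & mask;
        if (bits == deny) out.add(label + " Deny");
        else if (bits == grant) out.add(label + " Grant");
        else if (bits != 0) out.add(label + " Deny and Grant both set");
    }

    // Translate one column 2 value into its origin/permission-type labels.
    static List<String> decode(int value) {
        List<String> out = new ArrayList<>();
        addOrigin(out, value, EXPM, EXPD, EXPG, "Explicit");
        addOrigin(out, value, ACTM, ACTD, ACTG, "ACT");
        addOrigin(out, value, NDRM, NDRD, NDRG, "Indirect");
        // Anything outside the three documented masks is reported, not dropped.
        int unknown = value & ~(EXPM | ACTM | NDRM);
        if (unknown != 0) out.add("Unrecognized bits 0x" + Integer.toHexString(unknown));
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample rows in the documented column layout:
        // type, name, authorization integer, permission, PermissionCondition.
        Object[][] authRslt = {
            {"Person", "jdoe", 2, "ReadMetadata", ""},
            {"IdentityGroup", "Analysts", 8, "WriteMetadata", ""},
            {"IdentityGroup", "Contractors", 16, "ReadMetadata", ""},
            {"Person", "jdoe", 33, "WriteMetadata", ""}, // assumed combined value
        };
        for (Object[] row : authRslt) {
            int value = ((Number) row[2]).intValue();
            System.out.printf("%-13s %-11s %-13s %s%n",
                    row[0], row[1], row[3], decode(value));
        }
    }
}
```

The decoder reports each origin separately and does not decide which one wins, because this page does not state the precedence between explicit, ACT, and indirect authorizations.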

Exceptions Thrown

The SAS Open Metadata Interface explicitly returns the following exceptions for the GetAuthorizationsOnObj method:
  • SECAD_INVALID_TC_HANDLE
  • SECAD_INVALID_RESOURCE_SPEC
  • SECAD_INVALID_ACTION
  • SECAD_INVALID_IDENTITY_SPEC
  • SECAD_IDENTITY_DOES_NOT_EXIST
  • SECAD_INVALID_PERMISSION_SPEC
  • SECAD_NOT_AUTHORIZED

Examples

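The following code fragment shows how a security administration method is issued in a Java environment. The wrapper shown calls GetAccessControlTemplateList; GetAuthorizationsOnObj is issued through the same iSecurityAdmin object, as in the second fragment.
public void getAccessControlTemplateList(String transCtxt, String repositorySpec,
        int options, VariableArray2dOfStringHolder ACTlist) throws Exception {

    try
    {
        // Issue the request through the security administration interface.
        iSecurityAdmin.GetAccessControlTemplateList(transCtxt,
                                                    repositorySpec,
                                                    options,
                                                    ACTlist
                                                    );
    }
    catch (Exception e) {
        // Report the failure, then rethrow so the caller can handle it.
        System.out.println("GetAccessControlTemplateList: Exceptions");
        e.printStackTrace();
        throw e;
    }
}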
The following example issues the GetAuthorizationsOnObj method to get the inherited authorizations on a table that is identified by Table_URN.
public void testAuthsOnTable() throws Exception {
    try {
        // Get existing authorizations on the table.
        // "" = no transaction context, so the resource is given by Table_URN.
        // 0  = no optional flags.
        iSecurityAdmin.GetAuthorizationsOnObj("",
                                              Table_URN,
                                              0,
                                              Identities,
                                              Permissions,
                                              authRslt
                                              );
    }
    catch (Exception e)
    {
        // Propagate any exception from the call to the caller.
        throw e;
    }
}

Related Methods