GetAuthorizationsforObjects

Short Description

Gets authorizations for a specified set of objects and permissions.

Category

Generalized authorization methods

Interface Version

ISecurity 1.1

Syntax

GetAuthorizationsforObjects(credHandle,permissions,resources,permMask,GRANT,
conditionNDXs,conditionPermMasks,conditions);

Parameters

Method Parameters

| Parameter | Type | Direction | Description |
|---|---|---|---|
| credHandle | string | in | Credential handle identifying a user identity, or an empty string. |
| permissions | string array | in | Permissions for which authorizations are requested for the resources in the RESOURCES parameter. See the "Details" section for an example. |
| resources | string array | in | A one-dimensional string array containing passed resource identifiers. See the "Details" section for an example. |
| permMask | integer array | in | A one-dimensional integer array, where each element corresponds positionally to each resource in the RESOURCES array, and each bit in an element corresponds positionally to each permission in the PERMISSIONS array. Each PERMMASK element is a bit pattern where 1 in a bit position means that the permission in the PERMISSIONS array is enforced for the corresponding object. A 0 in a bit position means that the GetAuthorizationsforObjects method should ignore the corresponding permission. See the "Details" section for an example. |
| GRANT | integer array | out | A one-dimensional integer array, where each element corresponds positionally to each resource in the RESOURCES array, and each bit in an element corresponds positionally to each permission in the PERMISSIONS array. Each GRANT element is a bit pattern, where 1 in a bit position means that the permission in the PERMISSIONS array is granted for the corresponding object. A 0 in a bit position means that the permission is denied or not selected for enforcement in the PERMMASK for the corresponding object. |
| conditionNDXs | integer array | out | A one-dimensional integer array, where each element corresponds positionally to each PermissionCondition in the CONDITIONS array. Each CONDITIONNDXS element value is the index into the RESOURCES array of the resource to which the corresponding PermissionCondition in the CONDITIONS array applies. If no PermissionConditions are returned for any of the resources, then the CONDITIONNDXS array is empty. |
| conditionPermMasks | integer array | out | A one-dimensional integer array, where each element corresponds positionally to each index in the CONDITIONNDXS and CONDITIONS arrays. Each CONDITIONPERMMASKS element is a bit pattern, where 1 in a bit position means that the corresponding permission in the PERMISSIONS array has a PermissionCondition. If no PermissionCondition objects are returned for any of the resources, then the CONDITIONPERMMASKS array is empty. The CONDITIONPERMMASKS array lists the permissions for which PermissionCondition objects were returned for the resource referenced in the corresponding element in the CONDITIONNDXS array. |
| conditions | string array | out | A one-dimensional string array, where each element corresponds positionally to each permission in the CONDITIONNDXS and CONDITIONPERMMASKS arrays and contains a returned PermissionCondition value. If no PermissionCondition objects are returned for any of the resources, then the CONDITIONS array is empty. |

Details

The GetAuthorizationsforObjects method reduces the number of calls to the SAS Metadata Server for authorization decisions that require permissions on multiple metadata objects to be evaluated. For the specified set of metadata objects and a corresponding set of permissions (which can be different for each object), the method returns GRANT or a null value, and any PermissionCondition objects that are associated with a GRANT. A null value indicates that the permission was denied or not specified for the object.
When an empty string is passed in CREDHANDLE, the method evaluates authorizations for the calling user.
This is an example of a PERMISSIONS array:
{ "Read", "Write", "Create Table", "Select" } 
For information about the format of a resource identifier, see Identifying Resources to ISecurity Methods.
This is an example of a RESOURCES array:
{
  "OMSOBJ:Library/A5DRX6L4.AQ000001",
  "OMSOBJ:Table/A5DRX6L4.AT000001",
  "OMSOBJ:Column/A5DRX6L4.AU000006",
  "OMSOBJ:Column/A5DRX6L4.AU000007"
}
This is an example of a PERMMASK array:
{ 7, 15, 1, 2 }
Using information from the previous examples, the PERMMASK array indicates the following:
  • the Read, Write, and Create Table permissions are enforced for OMSOBJ:Library/A5DRX6L4.AQ000001
  • the Read, Write, Create Table, and Select permissions are enforced for OMSOBJ:Table/A5DRX6L4.AT000001
  • the Read permission is enforced for OMSOBJ:Column/A5DRX6L4.AU000006
  • the Write permission is enforced for OMSOBJ:Column/A5DRX6L4.AU000007
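
The following Python sketch is an added example, not SAS code: it builds PERMMASK elements from permission names and turns the positional output arrays into per-resource decisions. The PERMISSIONS, RESOURCES, and PERMMASK values are the ones shown above; the GRANT and condition values are constructed samples, the helper names are hypothetical, and a zero-based CONDITIONNDXS index is an assumption.

```python
PERMISSIONS = ["Read", "Write", "Create Table", "Select"]        # from this page
RESOURCES = ["OMSOBJ:Library/A5DRX6L4.AQ000001", "OMSOBJ:Table/A5DRX6L4.AT000001",
             "OMSOBJ:Column/A5DRX6L4.AU000006", "OMSOBJ:Column/A5DRX6L4.AU000007"]
PERMMASK = [7, 15, 1, 2]                                         # from this page
# Constructed sample output values (not real server output):
GRANT = [3, 15, 1, 0]
CONDITION_NDXS = [1]             # assumed zero-based index into RESOURCES
CONDITION_PERM_MASKS = [8]       # bit 3 = Select
CONDITIONS = ["CONSTRUCTED-CONDITION"]

def build_perm_mask(permissions, wanted):
    """PERMMASK element enforcing `wanted`; bit i (LSB first) is permissions[i]."""
    mask = 0
    for name in wanted:
        mask |= 1 << permissions.index(name)   # ValueError on an unknown name
    return mask

def names_in(permissions, mask):
    """Permission names whose bit is set in `mask`."""
    return [p for i, p in enumerate(permissions) if mask >> i & 1]

def decode_result(permissions, resources, perm_mask, grant,
                  cond_ndxs, cond_perm_masks, conditions):
    """Return {resource: {permission: decision}} for the enforced permissions.
    A decision is 'grant', 'deny', or ('conditional', condition)."""
    if not len(resources) == len(perm_mask) == len(grant):
        raise ValueError("RESOURCES, PERMMASK and GRANT must align positionally")
    if not len(cond_ndxs) == len(cond_perm_masks) == len(conditions):
        raise ValueError("condition arrays must align positionally")
    out = {}
    for res, asked, granted in zip(resources, perm_mask, grant):
        # Only bits that were enforced count; a 0 bit in GRANT is a deny here.
        allowed = names_in(permissions, granted & asked)
        out[res] = {p: "grant" if p in allowed else "deny"
                    for p in names_in(permissions, asked)}
    for ndx, cmask, cond in zip(cond_ndxs, cond_perm_masks, conditions):
        if not 0 <= ndx < len(resources):
            raise ValueError("CONDITIONNDXS element outside RESOURCES")
        for p in names_in(permissions, cmask):
            # A grant that carries a PermissionCondition is not unconditional.
            if out[resources[ndx]].get(p) == "grant":
                out[resources[ndx]][p] = ("conditional", cond)
    return out

if __name__ == "__main__":
    for res, decisions in decode_result(PERMISSIONS, RESOURCES, PERMMASK, GRANT,
            CONDITION_NDXS, CONDITION_PERM_MASKS, CONDITIONS).items():
        print(res, decisions)
```

Because a 0 bit in GRANT means either denied or not enforced, the decoder reports only permissions whose PERMMASK bit was set and treats every other case as not granted.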

Exceptions Thrown

The SAS Open Metadata Interface explicitly returns the following exceptions for the GetAuthorizationsforObjects method:
  • InvalidCredHandle
  • PermissionDoesNotExist
  • InvalidObjectSpecification
  • ObjectDoesNotExist
  • InvalidPermMask