GetApplicationActionsAuthorizations

Short Description

Returns authorizations for ApplicationActions in a SoftwareComponent object.

Category

Generalized authorization methods

Interface Version

ISecurity 1.1

Syntax

GetApplicationActionsAuthorizations(credHandle,applicationContext,options,output);

Parameters

Method Parameters
Parameter
Type
Direction
Description
credHandle
string
in
Credentials handle identifying a user identity, an empty string, or the Name of a Role in the form ROLE_rolename.
applicationContext
string
in
The 17-character metadata object identifier of the SoftwareComponent object representing the application on which the actions are registered.
options
string array
in
Two-dimensional string array with two input columns. Specifies additional properties to return about granted ApplicationActions. Supported options are an empty string and the keyword-only options:
PERMCOND
requests to return any permission conditions that are defined.
ALLATTRS
requests to return all attributes.
An empty string indicates that no additional properties are requested.
output
string array
out
Two-dimensional string array with a varying number of output columns, depending on which OPTIONS are set.
Possible columns include the following:
Column 0: ActionIdentifier
Column 1: PermissionCondition
Column 2: 'Y' - user is granted; otherwise, an empty string
Column 3: Name
Column 4: ActionType
Column 5: ObjectIdentifier

Details

The GetApplicationActionsAuthorizations method returns authorizations based on ApplicationAction objects that are associated with a SoftwareComponent object. These authorizations indicate the actions that a user can perform in the application that is represented by the SoftwareComponent object.
The expected use is that applications define ApplicationAction objects that are valid for their application, as well as for a user context. The GetApplicationActionAuthorizations method lists the ApplicationActions for which the specified user has been granted Execute permission.
When a credential handle is used, the method returns authorizations for the identity that corresponds to the specified handle. If the CREDHANDLE parameter is an empty string, the method returns authorizations for the calling user.
If authorization is requested based on role membership, you should specify the Role name in the form ROLE_rolename. In the string ROLE_rolename:
  • ROLE_ is a character constant prefix.
  • rolename is the Name value of a Role object on the SAS Metadata Server.
The PERMCOND option returns any PermissionCondition objects that have been defined to qualify an authorization.
The ALLATTRS option returns the following attributes about each granted ApplicationAction:
ActionIdentifier
fixed system name of the ApplicationAction
Name
localizable name of the ApplicationAction
ActionType
optional application-specific descriptor for the ApplicationAction
ObjectIdentifier
metadata identifier of the ApplicationAction object

Exceptions Thrown

The SAS Open Metadata Interface explicitly returns the following exceptions for the GetApplicationActionsAuthorizations method:
  • NotTrustedUser
  • InvalidCredHandle—This exception is also returned when the ROLE_rolename value is invalid or does not exist.
  • InvalidResourceSpec

Related Methods

IsInRole
Copyright © SAS Institute Inc. All rights reserved.