AuthorizationEntry Structure

To manage and test permissions based on ACLs the IDatabaseRepository interface provides a family of methods...

• AddAuthorization
• SetAuthorization
• GetAuthorizations
• GetAuthorizationLevel
• HasAuthorization
• CheckAuthorization

...that can be applied to all relevant ice.NET items:

• Folders
• Objects
• Packages
• Parties
• Profiles

The HasAuthorization and CheckAuthorization methods calculate the effective permission, i.e. the permission level after recursively evaluating group/role memberships. The implementation of IDatabaseRepository must provide an efficient, optimized algorithm to calculate the desired result.

This example shows how to use the AddAuthorization(IFolder, String, Int32) method to add read/write permissions for user "John Doe" to a folder. If a higher permission level has already been set, this method does not reduce the level.

IFolder pFolder = Repository.GetFolderByKey("ICR.Data");

Repository.ExecuteTransaction(delegate()
{
    Repository.AddAuthorization(pFolder, "John Doe", AuthorizationLevel.Write);
});

This example shows how to use the SetAuthorization(IFolder, String, Int32) method to set read permissions for user "John Doe" to a folder. If a higher permission level has already been set, this method reduces the level.

IFolder pFolder = Repository.GetFolderByKey("ICR.Data");

Repository.ExecuteTransaction(delegate()
{
    Repository.SetAuthorization(pFolder, "John Doe", AuthorizationLevel.Read);
});

This example shows how to use the RemoveAuthorization(String, String) method to remove all permissions for group "Support Engineers" from the profile "System.Development". Notice that profiles are identified by their name.

Repository.ExecuteTransaction(delegate()
{
    Repository.RemoveAuthorization("System.Development", "Support Engineers");
});

This example shows how to use the GetAuthorizations(IObject) method to retrieve all authorized parties together with their permission level for a specific object.

IObject pObject = Repository.GetObject(objectId);

AuthorizationEntry[] aAuthorizations = GetAuthorizations(pObject);

foreach (AuthorizationEntry sAuthorization in aAuthorizations)
{
    Console.WriteLine(sAuthorization.PartyName + ": " + sAuthorization.Authorization);
}

This example shows how to use the GetAuthorizationLevel(IFolder, String) method to retrieve the authorization level for user "John Doe" on a specific folder.

IFolder pFolder = Repository.GetFolderByKey("ICR.Data");

int level = Repository.GetAuthorizationLevel(pFolder, "John Doe");

This example shows how to use the HasAuthorization(IFolder, String, Int32) method to find out if user "John Doe" has read permissions on a specific folder. This method considers the group/role memberships of the user (recursively) when calculating the result.

IFolder pFolder = Repository.GetFolderByKey("ICR.Data");

if (Repository.HasAuthorization(pFolder, "John Doe", AuthorizationLevel.Read))
{
    Console.WriteLine(pFolder.Name + " is readable.");
}

This example shows how to use the CheckAuthorization(IFolder, String, Int32) method to find out if user "John Doe" has read permissions on a specific folder. This method considers the group/role memberships of the user (recursively) when calculating the result. If the required effective permission is not available, this method throws a AuthorizationException that describes the available and missing permission level.

IFolder pFolder = Repository.GetFolderByKey("ICR.Data");

Repository.CheckAuthorization(pFolder, "John Doe", AuthorizationLevel.Read);

Console.WriteLine(pFolder.Name + " is readable.");

Reference