|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
This object stores a principal's security information; that is, it gives you access to the roles, rights, and limits for specific users or groups. It also determines whether the principal can inherit rights from a group or parent folder. A principal that has been given explicit rights to an object can be retrieved from the ObjectPrincipals collection; a principal whose rights are inherited or whose rights have not been specified are stored on the system and can be retrieved with the AnyPrincipal property.
A role or access mode is a predefined set of object rights that allow you to set common object security levels quickly. They are designed to cover the most common cases of security rights sets, and can be applied to the principal with the Role object. It is recommended that you start by using roles, and then apply more granular rights if necessary. The rights that are listed for each role are always granted to the principal, and never denied. See the "Appendix A: Object Rights and Access Levels" in the BusinessObjects Enterprise Administrator's Guide for a list of the granular rights granted for each role. When you assign a principal a role, the set of granted rights are automatically added to the principal's SecurityRights collection.
To set a principal's limits on an object, add the principal to, or retrieve it from, the ObjectPrincipal collection, and then use the Limits Property to specify a value for each limit. Limits that are explicitly specified or that are inherited from a parent folder or user group are stored in the SecurityLimits collection.
To set a principal's rights on an object, add the principal to, or retrieve it from, the ObjectPrincipal collection, and then use the Rights Property to give the principal specific rights. A right can be explicitly granted, explicitly denied, or not specified. Rights that are not specified are any available rights that have not been added to the principal's SecurityRights collection.
A principal can inherit rights from the groups it belongs to and from the parent folder of the object that it is being granted rights to. When rights are inherited, you can still explicitly set rights on the object. For tips on using folder and group inheritance, see the BusinessObjects Enterprise Administrator's Guide.
| Field Summary | |
static int |
LIMITS
This is a flag bit in the return value from getAttributesSet. |
static int |
RIGHTS
This is a flag bit in the return value from getAttributesSet. |
| Method Summary | |
int |
getAttributesSet()
Indicates whether the principal has explicit rights or limits set on the object. |
int |
getID()
Returns the principal's ID. |
ISecurityRights |
getInheritedRights()
Returns the collection of rights that the principal inherits from parent folders or user groups. |
ISecurityLimits |
getLimits()
Returns a collection of limits that are set for the principal. |
java.lang.String |
getName()
Returns the name of the principal. |
ISecurityRights |
getRights()
Returns a collection of explicit rights that are set for the principal. |
IRole |
getRole()
Returns principal's role for this object. |
boolean |
isAdvancedInheritFolders()
Returns true if rights can be inherited from parent folders, and
false otherwise.
|
boolean |
isAdvancedInheritGroups()
Returns true if rights can be inherited from parent user groups, and
false otherwise.
|
boolean |
isInherited()
Returns true if the principal's rights are inherited from a parent folder
on which explicit rights have not been set, and false otherwise.
|
void |
setAdvancedInheritFolders(boolean inheritFolders)
Sets whether this object can inherit rights from parent folders. |
void |
setAdvancedInheritGroups(boolean inheritGroups)
Sets whether this object can inherit rights from parent user groups. |
void |
setInherited(boolean inherited)
Sets the principal's inheritance state. |
void |
setRole(IRole role)
Sets the principal's role for this object. |
| Field Detail |
public static final int RIGHTS
This is a flag bit in the return value from getAttributesSet. It indicates that
the principal has rights on the object.
public static final int LIMITS
This is a flag bit in the return value from getAttributesSet. It indicates that
the principal has limits on the object.
| Method Detail |
public int getID()
Returns the principal's ID.
int value of the principal's ID.public boolean isInherited()
Returns true if the principal's rights are inherited from a parent folder
on which explicit rights have not been set, and false otherwise.
true if the principal's rights are inherited from a parent folder or
user group on which explicit rights have not been set, and false otherwise.public void setInherited(boolean inherited)
Sets the principal's inheritance state. The value should be true if the
principal's rights are inherited from a parent folder on which explicit
rights have not been set, and false otherwise.
inherited - true if the
principal's rights are inherited from a parent folder or user group on which explicit
rights have not been set, and false otherwise.public java.lang.String getName()
Returns the name of the principal.
String containing the name of the principal.public ISecurityRights getRights()
Returns a collection of explicit rights that are set for the principal. This may be different from the effective rights.
ISecurityRights object of specific rights that are
explicitly set for the principal.public IRole getRole()
Returns principal's role for this object.
Role object that specifies the principal's role for this object.public void setRole(IRole role)
Sets the principal's role for this object.
role - The Role object that defines the principal's role for this
object.public ISecurityRights getInheritedRights()
Returns the collection of rights that the principal inherits from parent folders or user groups.
ISecurityRights object that contains this objects inherited rights.public boolean isAdvancedInheritGroups()
Returns true if rights can be inherited from parent user groups, and
false otherwise.
boolean that specifies whether this object can inherit rights from
parent user groups. true enables inheritance while false disables
it. This flag can only be set for the Advanced role.public void setAdvancedInheritGroups(boolean inheritGroups)
Sets whether this object can inherit rights from parent user groups. If true,
rights can be inherited from parent user groups, otherwise false.
To set the value for this property, the following conditions must apply:
IObjectPrincipal is not inherited.
inheritGroups - A boolean that specifies whether rights can be inherited from
parent user groups. true enables inheritance while false disables
it. This flag can only be set for the Advanced role.public boolean isAdvancedInheritFolders()
Returns true if rights can be inherited from parent folders, and
false otherwise.
boolean that specifies whether the rights can be inherited
from parent folders. true enables inheritance and false
disables it. This flag can only be set for the Advanced role.public void setAdvancedInheritFolders(boolean inheritFolders)
Sets whether this object can inherit rights from parent folders. If true,
rights can be inherited from parent folders, otherwise false.
inheritFolders - A boolean that specifies whether rights can be inherited from
parent folders. true enables inheritance while false disables
it. This flag can only be set for the Advanced role.public int getAttributesSet()
Indicates whether the principal has explicit rights or limits set on the object.
To set the value for this property, the following conditions must apply:
IObjectPrincipal is not inherited.
int specifying whether the principal has explicit rights
or limits set on this object.public ISecurityLimits getLimits()
Returns a collection of limits that are set for the principal.
ISecurityLimits object that contains the limits set
for the principal.
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||