IPermissionsManager Interface

Provides managerial access to the Permissions Store.

Description

IPermissionsManager provides methods to query the state of Allow and Deny rules on operations on ArcGIS Server resources.

The IPermissionsManager interface can be obtained through a query interface (QI) on the IServerObjectManager interface.

A list of security model concepts is useful here.

  • User - An individual identified by a unique user name who wants to consume resources provided by ArcGIS Server. Users are stored within a User Store, which may be a database, the Active Directory on a Windows Server, or an LDAP server. All authentication of users takes place in the web tier.
  • Role - A collection of users based on functional, departmental, or classification groupings (e.g., Planners, Editors, Classified, Unclassified, etc.). A role can be assigned a permission to use or invoke operations on a resource. Roles are stored within a Role Store, which may be a database, the Active Directory on a Windows Server, or an LDAP server.
  • Principal - A term that denotes either a User or a Role.
  • Resource - An item or object that is to be secured. In ArcGIS Server 9.3, resources are web applications, GIS services, and server folders containing GIS services.
  • Operation - An action or method that can be invoked on a secured resource. At 9.3, no distinction is made between operations and the only valid value, "*", is used to denote all actions.
  • Permission - The ability of a role to use or invoke operations on a specific resource.

Permissions are assigned in a Continuous Inheritance model. A child resource inherits permissions from its parent resource and the child can be changed to differ from the parent. Changing the permission on the parent for a specific user/role restores inheritance to match the parent recursively; all children will be changed to match the parent.

When To Use

Use the IPermissionsManager interface when your application needs to query the state of role-based permissions on an ArcGIS Server.

If your application needs to connect to the server to perform changes to the role-based ArcGIS Server security model, use the IPermissionsAdmin interface instead.

Members

Methods:

  • CheckForDescendentsWithDifferentPermissions - Checks whether the specified principal has different permissions among the descendents of the specified parent resource/operation combination.
  • CheckPermission - Checks whether the specified principal has permission to perform the given operation on the indicated resource.
  • GetPrincipalsWithPermissionOnResource - Enumerates all principals having permission to perform the specified operation on the given resource.

IPermissionsManager.CheckForDescendentsWithDifferentPermissions Method

Checks whether the specified principal has different permissions among the descendents of the specified parent resource/operation combination.

Public Function CheckForDescendentsWithDifferentPermissions ( _
    ByVal Principal As String, _
    ByVal resource As String, _
    ByVal operation As String _
) As Boolean

public bool CheckForDescendentsWithDifferentPermissions (
    string Principal,
    string resource,
    string operation
);

Remarks

Use the CheckForDescendentsWithDifferentPermissions method to ask the server object manager whether the indicated resource has descendents on which the specified principal's permissions differ.

IPermissionsManager.CheckPermission Method

Checks whether the specified principal has permission to perform the given operation on the indicated resource.

Public Function CheckPermission ( _
    ByVal Principal As String, _
    ByVal resource As String, _
    ByVal operation As String _
) As Boolean

public bool CheckPermission (
    string Principal,
    string resource,
    string operation
);

Remarks

Use the CheckPermission method to ask the server object manager whether the given roles have permission to perform all operations on an indicated resource.

IPermissionsManager.GetPrincipalsWithPermissionOnResource Method

Enumerates all principals having permission to perform the specified operation on the given resource.

Public Function GetPrincipalsWithPermissionOnResource ( _
    ByVal resource As String, _
    ByVal operation As String _
) As IEnumBSTR

public IEnumBSTR GetPrincipalsWithPermissionOnResource (
    string resource,
    string operation
);

Remarks

Use the GetPrincipalsWithPermissionOnResource method to query the server object manager for the roles that have permissions for all operations on the indicated resource.

Classes that implement IPermissionsManager

  • ServerObjectManager - The ServerObjectManager object, which creates ServerContext, ServerObjectConfigurationInfo and ServerObjectTypeInfo objects.

Remarks

The following state of the role-based security model of the ArcGIS Server is exposed by the methods of IPermissionsAdmin:

Query role-based ArcGIS Server security:

  • Check whether the supplied principal has permissions for all operations on a specific resource.
  • Get all of the principals that have permissions for all operations on a specific resource.
  • Check whether any descendents of the specified resource have permissions that differ.
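
The three queries combined into a small permission audit, as an added example (not Esri sample code). It assumes the ArcGIS Server 9.3 .NET assemblies are referenced and that the process identity may connect to the server object manager; the class name PermissionAudit and the command-line arguments are hypothetical.

```csharp
using System;
using ESRI.ArcGIS.esriSystem;   // IEnumBSTR
using ESRI.ArcGIS.Server;       // GISServerConnectionClass, IPermissionsManager

// Hypothetical audit tool: reports who may use a resource and whether the
// answer at the parent level can be trusted for the whole subtree.
class PermissionAudit
{
    // At 9.3 the only valid operation value is "*" (all operations).
    const string AllOperations = "*";

    // args: <host> <resource> <principal>. The resource string is passed
    // through unchanged, in whatever form your server names its resources.
    static int Main(string[] args)
    {
        if (args.Length != 3)
        {
            Console.Error.WriteLine("usage: PermissionAudit <host> <resource> <principal>");
            return 2;
        }
        string host = args[0], resource = args[1], principal = args[2];

        IGISServerConnection conn = new GISServerConnectionClass();
        conn.Connect(host);

        // Query interface from IServerObjectManager to IPermissionsManager.
        IPermissionsManager perms = (IPermissionsManager)conn.ServerObjectManager;

        bool allowed = perms.CheckPermission(principal, resource, AllOperations);
        Console.WriteLine("{0} on {1}: {2}", principal, resource,
                          allowed ? "permitted" : "not permitted");

        // A child can differ from its parent, so the result above does not
        // describe the whole subtree when this call returns true.
        bool differs = perms.CheckForDescendentsWithDifferentPermissions(
            principal, resource, AllOperations);
        if (differs)
            Console.WriteLine("WARNING: descendents of {0} differ for {1}; review each child.",
                              resource, principal);

        Console.WriteLine("Principals with permission on {0}:", resource);
        IEnumBSTR names = perms.GetPrincipalsWithPermissionOnResource(resource, AllOperations);
        names.Reset();
        for (string name = names.Next(); name != null; name = names.Next())
            Console.WriteLine("  {0}", name);

        return differs ? 1 : 0;   // non-zero exit flags a subtree needing review
    }
}
```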
