RoleAssignmentsAccessModifier Class
The access modifier controls access to resource assignment data objects. A resource assignment is accessible for a user if:
- It belongs to his own identity (if ACCESSMODE=SELF)
- He is manager of the identity which the resource assignment is for (if ACCESSMODE contains MANAGER)
- He owns a context which the resource assignment is granted for (if ACCESSMODE contains OWNEDCONTEXTS)
- He is owner of the role which the resource assignment is for (if ACCESSMODE contains ROLEOWNER)
- He is owner of the system which the assigned resource belongs to (if ACCESSMODE contains SYSTEMOWNER)
- ACCESSMODE is set to ALL
The following only applies if ACCESSMODE=ALL: The SYSTEM user has READ+UPDATE access to all role assignments. Members of the built-in Administrators group by default have READ+UPDATE access to all role assignments as well. This can, however, be changed by using the ADMINGROUPS parameter. All others (non-admins) have only READ access (in case they have access at all).
The access modifier supports the parameter STATUS. The value of STATUS must be a comma delimited string with one or more of these values: PENDING, INACTIVE, ACTIVE, REJECTED, OBSOLETE, DISABLED, LOCKED, ALL. If STATUS is not specified it is treated as ALL.
The access modifier supports the parameter ACCESSMODE. The value of ACCESSMODE must be a comma delimited string with one or more of these values: SELF, MANAGER, OWNEDCONTEXTS, ROLEOWNER, SYSTEMOWNER, ALL. If ACCESSMODE is not specified it is treated as ALL.
--- ADMINGROUPS is deprecated! Use the RoleAssignmentsAccessModifier authorization element to control permissions ---
The following only applies if ACCESSMODE=ALL: The access modifier supports the parameter ADMINGROUPS, which can be used to specify a number of user groups whose members should have READ+UPDATE access to all role assignments. The value of ADMINGROUPS must be a comma delimited string with user group uids. If ADMINGROUPS is not specified then the value defaults to the built-in Administrators group. If ADMINGROUPS is specified then the built-in Administrators group must be included in order to have READ+UPDATE access.
--- ADMINGROUPSKEY is deprecated! Use the RoleAssignmentsAccessModifier authorization element to toggle Admin permissions ---
The access modifier also supports the parameter ADMINGROUPSKEY, which works in the same way except that the value must be the key of a customer setting which holds a comma delimited string with user group uids.
--- ADMINGROUPS is deprecated! Use the RoleAssignmentsAccessModifier authorization element to control permissions ---
The following only applies if ACCESSMODE=ALL: The access modifier supports the parameter READERGROUPS, which can be used to specify a number of user groups whose members should have READ access to all identities. The value of READERGROUPS must be a comma delimited string with user group uids.
--- READERGROUPSKEY is deprecated! Use the RoleAssignmentsAccessModifier authorization element to toggle Read permissions ---
The access modifier also supports the parameter READERGROUPSKEY, which works in the same way except that the value must be the key of a customer setting which holds a comma delimited string with user group uids.
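A review check for these parameters, as an added example that is not Omada's code and calls no Omada API: `audit` takes one access modifier's parameters as a dictionary and reports the documented defaults, deprecations and the ADMINGROUPS pitfall. The function names, the Administrators uid argument and the sample uids are assumptions made for the example; parameter names and values are compared exactly as written on this page.

```python
# Added example: models the parameter rules documented above; calls no Omada API.
VALID = {
    "STATUS": {"PENDING", "INACTIVE", "ACTIVE", "REJECTED", "OBSOLETE",
               "DISABLED", "LOCKED", "ALL"},
    "ACCESSMODE": {"SELF", "MANAGER", "OWNEDCONTEXTS", "ROLEOWNER",
                   "SYSTEMOWNER", "ALL"},
}
DEPRECATED = ("ADMINGROUPS", "ADMINGROUPSKEY", "READERGROUPS", "READERGROUPSKEY")


def split_csv(raw):
    """Split a comma-delimited parameter value into its trimmed items."""
    return {item.strip() for item in raw.split(",") if item.strip()}


def audit(params, admin_group_uid):
    """Return review findings for one access modifier's parameters.

    admin_group_uid: uid of the built-in Administrators group in the audited
    installation (caller-supplied; the page does not give it).
    """
    findings = []
    effective = {}
    for name, valid in VALID.items():
        if name not in params:
            effective[name] = {"ALL"}  # documented default
            findings.append(f"{name} not specified: treated as ALL")
            continue
        effective[name] = split_csv(params[name])
        for value in sorted(effective[name] - valid):
            findings.append(f"{name}: unknown value {value}")
    # "only applies if ACCESSMODE=ALL" is read here as: ALL is among the values.
    mode_all = "ALL" in effective["ACCESSMODE"]
    for name in DEPRECATED:
        if name in params:
            findings.append(f"{name} is deprecated")
            if not mode_all:
                findings.append(f"{name} has no effect unless ACCESSMODE=ALL")
    if "ADMINGROUPS" in params:
        groups = {uid.lower() for uid in split_csv(params["ADMINGROUPS"])}
        if admin_group_uid.lower() not in groups:
            findings.append("ADMINGROUPS omits built-in Administrators: "
                            "its members lose READ+UPDATE")
    return findings


# Constructed sample: placeholder uids, not values from a real installation.
ADMIN_UID = "00000000-0000-0000-0000-0000000000aa"
SAMPLE = {"STATUS": "ACTIVE,LOKCED", "ADMINGROUPS": "00000000-0000-0000-0000-0000000000bb"}
```

Running `audit(SAMPLE, ADMIN_UID)` reports the misspelled status value, the implicit ACCESSMODE=ALL, the deprecated parameter and the missing Administrators uid.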
Namespace: Omada.OE.Solution.OIM.AppLogic.AccessModifiers
public class RoleAssignmentsAccessModifier : CommonAccessModifierBase
The RoleAssignmentsAccessModifier type exposes the following members.

Name | Description
---|---
RoleAssignmentsAccessModifier |

Name | Description
---|---
DbConnection | Note: not available in the Initialize() method. (Inherited from CommonAccessModifierBase.)
DbTransaction | Note: not available in the Initialize() method. (Inherited from CommonAccessModifierBase.)
Factory | The factory can be used to create controller instances running on the connection/transaction that the call is executed in. Note: not available in the Initialize() method. (Inherited from CommonAccessModifierBase.)
Parameters | The parameters specified for the access modifier in the Initialize() method. Tip: retrieve a parameter value by using the GetParameterValue() method. (Inherited from CommonAccessModifierBase.)

Name | Description
---|---
CalculateAccess | (Overrides CommonAccessModifierBase.CalculateAccess(DataObject, AccessFlags, AccessCallContext).)
GetAccessFlags | Get access flags according to the readergroups, admingroups, and configuration of authrole elements. (Inherited from CommonAccessModifierBase.)
GetAccessibleObjects | The method populates a temporary db table with ids of the resource assignments which are accessible to the active user. The method can be overridden whereby additional ids can be added.
GetParameterValue(IDictionary<String, String>, String, Boolean) | Returns the value of a boolean parameter from the parameter values delivered to the Initialize() method. Method is intended to be used as utility in implementations of the Initialize() method. (Inherited from AccessModifierBase.)
GetParameterValue(IDictionary<String, String>, String, Guid) | Returns the value of a string parameter from the parameter values delivered to the Initialize() method. Method is intended to be used as utility in implementations of the Initialize() method. (Inherited from AccessModifierBase.)
GetParameterValue(IDictionary<String, String>, String, Int32) | Returns the value of an integer parameter from the parameter values delivered to the Initialize() method. Method is intended to be used as utility in implementations of the Initialize() method. (Inherited from AccessModifierBase.)
GetParameterValue(IDictionary<String, String>, String, String) | Returns the value of a string parameter from the parameter values delivered to the Initialize() method. Method is intended to be used as utility in implementations of the Initialize() method. (Inherited from AccessModifierBase.)
GetUIdsFromParameter(String, String, IDictionary<String, String>) | Returns a collection of UIds from the parameters delivered to the Initialize() method. Method is intended to be used as utility in implementations of the Initialize() method. (Inherited from AccessModifierBase.)
GetUIdsFromParameter(String, String, IDictionary<String, String>, Guid) | Returns a collection of UIds from the parameters delivered to the Initialize() method. Method is intended to be used as utility in implementations of the Initialize() method. (Inherited from AccessModifierBase.)
Initialize | (Overrides CommonAccessModifierBase.Initialize(IDictionary<String, String>).)
ModifyLoadOptions | (Overrides CommonAccessModifierBase.ModifyLoadOptions(DataObjectLoadOptionsBase, AccessCallContext).)
PrepareAccessCalculation | (Overrides CommonAccessModifierBase.PrepareAccessCalculation(List<DataObject>, AccessCallContext).)
QueryDataObjectIds | Queries the database and returns the ids of the data objects that meet a set of expressions. The security model is overridden. (Inherited from CommonAccessModifierBase.)

Name | Description
---|---
ToBool | Converts object to boolean. (Defined by ObjectExtensions.)
ToDateTime | Converts object to DateTime. (Defined by ObjectExtensions.)
ToInt | Converts object to integer. (Defined by ObjectExtensions.)

Name | Description
---|---
IDataObjectFieldLevelAccessModifier.CalculateAccess | (Inherited from CommonAccessModifierBase.)
IDataObjectFieldLevelAccessModifier.PrepareAccessCalculation | (Inherited from CommonAccessModifierBase.)