Provides managerial access to the Permissions Store.
Product Availability
Description
IPermissionsManager provides methods to query the state of Allow and Deny rules on operations on ArcGIS Server resources.
The IPermissionsManager interface can be obtained by a query interface with the IServerObjectManager interface.
A list of security model concepts is useful here.
- User - An individual identified by a unique user name who wants to consume resources provided by ArcGIS Server. Users are stored within a User Store, which may be a database, the Active Directory on a Windows Server, or an LDAP server. All authentication of users takes place in the web tier.
- Role - A collection of users based on functional, departmental, or classification groupings (e.g., Planners, Editors, Classified, Unclassified, etc.). A role can be assigned a permission to use or invoke operations on a resource. Roles are stored within a Role Store, which may be a database, the Active Directory on a Windows Server, or an LDAP server.
- Principal - A term that denotes either a User or a Role.
- Resource - An item or object that is to be secured. In ArcGIS Server 9.3, resources are web applications, GIS services, and server folders containing GIS services.
- Operation - An action or method that can be invoked on a secured resource. At 9.3, no distinction is made between operations and the only valid value, "*", is used to denote all actions.
- Permission - The ability of a role to use or invoke operations on a specific resource.
Permissions are assigned in a Continuous Inheritance model. A child resource inherits permissions from its parent resource and the child can be changed to differ from the parent. Changing the permission on the parent for a specific user/role restores inheritance to match the parent recursively; all children will be changed to match the parent.
When To Use
Use the IPermissionsManager interface when your application needs to query the state of role-based permissions on an ArcGIS Server.
If your application needs to connect to the server to perform changes to the role-based ArcGIS Server security model, use the IPermissionsAdmin interface instead.
Members
Member | Description |
---|---|
CheckForDescendentsWithDifferentPermissions | Checks whether the specified principal has different permissions among the descendents of the specified parent resource/operation combination. |
CheckPermission | Checks whether the specified principal has permission to perform the given operation on the indicated resource. |
GetPrincipalsWithPermissionOnResource | Enumerates all principals having permission to perform the specified operation on the given resource. |
CoClasses that implement IPermissionsManager
CoClasses and Classes | Description |
---|---|
ServerObjectManager | The ServerObjectManager object which creates ServerContext, ServerObjectConfigurationInfo and ServerObjectTypeInfo objects. |
Remarks
The following state of the role-based security model of the ArcGIS Server is exposed by the methods of IPermissionsAdmin:
Query role-based ArcGIS Server security:
- Check whether the supplied principal has permissions for all operations on a specific resource.
- Get all of the principals that have permissions for all operations on a specific resource.
- Check whether any descendents of the specified resource have permissions that differ.
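The Continuous Inheritance model and the three queries listed above can be illustrated with a small Python model. This is an added example, not ESRI code and not the ArcObjects API: the class, method names, and resource paths are hypothetical, the operation argument is omitted because "*" is the only valid value at 9.3, and default-deny for a principal with no rule is an assumption.

```python
class PermissionStore:
    """Toy model of Continuous Inheritance (hypothetical; not the ArcGIS Server API)."""

    def __init__(self):
        self.rules = {}  # (principal, resource path) -> True (Allow) / False (Deny)

    @staticmethod
    def _parent(resource):
        # "/Planning/Parcels.MapServer" -> "/Planning" -> "/" -> None
        return None if resource == "/" else (resource.rsplit("/", 1)[0] or "/")

    def _overrides(self, principal, resource):
        # Explicit rules for this principal strictly below `resource`.
        prefix = resource.rstrip("/") + "/"
        return [r for (p, r) in self.rules
                if p == principal and r != resource and r.startswith(prefix)]

    def set_rule(self, principal, resource, allow):
        # Changing the parent restores inheritance recursively: every child
        # override for this principal is discarded, including child Deny rules.
        for r in self._overrides(principal, resource):
            del self.rules[(principal, r)]
        self.rules[(principal, resource)] = allow

    def check_permission(self, principal, resource):
        # Nearest explicit rule on the path to the root wins.
        node = resource
        while node is not None:
            if (principal, node) in self.rules:
                return self.rules[(principal, node)]
            node = self._parent(node)
        return False  # assumption: no rule anywhere means no permission

    def principals_with_permission(self, resource):
        return sorted({p for (p, _) in self.rules if self.check_permission(p, resource)})

    def descendants_differ(self, principal, resource):
        own = self.check_permission(principal, resource)
        return any(self.rules[(principal, r)] != own
                   for r in self._overrides(principal, resource))


def demo():
    store = PermissionStore()  # constructed sample roles and resources
    store.set_rule("Planners", "/Planning", True)
    store.set_rule("Editors", "/Planning", False)
    store.set_rule("Planners", "/Planning/Parcels.MapServer", False)  # child differs
    before = (store.check_permission("Planners", "/Planning/Parcels.MapServer"),
              store.descendants_differ("Planners", "/Planning"))
    store.set_rule("Planners", "/Planning", True)  # re-applied on the parent
    after = (store.check_permission("Planners", "/Planning/Parcels.MapServer"),
             store.descendants_differ("Planners", "/Planning"))
    return before, after, store.principals_with_permission("/Planning/Zoning.MapServer")
```

In the model, re-applying the parent rule removes the child Deny, which is why a check for differing descendants is worth running before changing a folder-level permission.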