Provides administrative access to the Permissions Store.
Product Availability
Description
IPermissionsAdmin provides methods to Allow and Deny operations on ArcGIS Server resources and to retrieve all principals with access to resources.
The IPermissionsAdmin interface can be obtained by a query interface with the IServerObjectAdmin interface.
A list of security model concepts is useful here.
- User - An individual identified by a unique user name who wants to consume resources provided by ArcGIS Server. Users are stored within a User Store, which may be a database, the active directory on a Windows Server, or an LDAP sever. All authentication of users takes place in the web tier.
- Role - A collection of users based on functional, departmental or classification groupings (e.g., Planners, Editors, Classified, Unclassified, etc.). A role can be assigned a permission to use or invoke operations on a resource. Roles are stored within a Role Store, which may be a database, the Active Directory on a Windows Server, or an LDAP server.
- Principal - A term that denotes either a User or a Role.
- Resource - An item or object that is to be secured. In a 9.3 ArcGIS Server, resources are web applications and GIS services and server folders containing GIS services.
- Operation - An action or method that can be invoked on a secured resource. At 9.3, no distinction is made between operations, and the only valid value, "*", is used to denote all actions.
- Permission - The ability of a role to use or invoke operations on a specific resource.
Permissions are assigned in a Continuous Inheritance model. A child resource inherits permissions from its parent resource and the child can be changed to differ from the parent. Changing the permission on the parent for a specific user/role restores inheritance to match the parent recursively; all children will be changed to match the parent.
When To Use
Use the IPermissionsAdmin interface when your application needs to set permissions on ArcGIS for Server GIS resources for specific principals.
If your application is connecting to the server only to retrieve information about the current state of permissions on ArcGIS for Server GIS resources, use the IPermissionsManager interface instead.
Members
Description | ||
---|---|---|
AllowPermission | Grants permission to the specified principal to perform the given operation on the indicated resource. | |
DenyPermission | Revokes permission from the specified principal to perform the given operation on the indicated resource. | |
GetAllPrincipals | Enumrates all princiapls in the Permissions Store. |
CoClasses that implement IPermissionsAdmin
CoClasses and Classes | Description |
---|---|
ServerObjectAdmin | The ServerObjectAdmin object which administrates the GIS Server. |
Remarks
The following administration functionality of the ArcGIS Server is exposed by the methods of IPermissionsAdmin:
Administer role-based ArcGIS Server security:
- Allow permissions on a resource
- Deny permissions on a resource
Get information about the ArcGIS Security mode:
- Get all principals that have any Allow/Deny rules on any resource