edmiCheckInstanceAccess

Owned by Former user (Deleted)
Last updated: Dec 11, 2017
4 min read
EdmiError edmiCheckInstanceAccess(SdaiInstance    currInst,
                                   SdaiInteger     requiredAccessCode,
                                   SdaiInstance    userId,
                                   SdaiInstance    groupId,
                                   SdaiUnsignedInt options,
                                   SdaiBoolean     *result,
                                   SdaiInstance    *lastCheckedInstance,
                                   SdaiInteger     *accessRole,
                                   SdaiInteger     *protection,
                                   SdaiInteger     *actualAccessRights);

Checks whether an EDMuser/EDMgroup would have a requested access to a given protected instance.

Arguments

TypeNameComment
SdaiInstance

currInst

A numeric instanceID that uniquely identifies a protected instance in the EDMdatabase for which access is to be checked.

SdaiInteger

requiredAccessCode

One of the symbols from the following list;
READ_ACCESS, WRITE_ACCESS, CREATE_ ACCESS, EXECUTE_ ACCESS, DELETE_ACCESS

SdaiInstance

userId

A numeric instance Id that uniquely identifies the edm_user instance in the EDMdatabase.

SdaiInstance

groupId

A numeric instance Id that uniquely identifies the edm_group instance in the EDMdatabase.

SdaiUnsignedInt

options

Use CHECK_FULL_PATH if you want to check if access to a protected instance is prevented by the protected instance it self or by any of its parent protected instances. E.g, write access to a model may be denied because of insufficient access to the repository in which the model resides.
Use zero if you want to check for required access to a protected instance, without checking if that access will be prevented by any of the parent protected instances

SdaiBoolean

*result

sdaiTRUE if the required access has granted granted. Otherwise sdaiFALSE.

SdaiInstance

*lastCheckedInstance

When using option CHECK_FULL_PATH, the protected instance as well as the entire chain of parent protected instances will be checked. Checking will be done in the model to repository direction. If access to a protected model is checked and the model it self denies access, the instance Id returned in this variable will be the model Id. If access is denied by the protected parent repository, the repository Id will be returned herein.

SdaiInteger

*accessRole

This variable receives an integer value that tells on what basis access was given or denied. Below is a list of possible values and their significance:

  • OWNER_USER: The EDMuser Id given in the parameter userId is the owner of the protected Instance. Access has been checked against the owner protection code.
  • ADMIN_USER: The EDMuser Id given in the parameter userId is an administrator of the protected instance. Access has been checked against the owner protection code.
  • OWNER_GROUP: The EDMgroup Id given in the parameter groupId is the owner group of the protected Instance. Access has been checked against the group protection code.
  • ADMIN_GROUP: The EDMgroup Id given in the parameter groupId is an administrator group of the protected instance. Access has been checked against the group protection code.
  • ACCESS_FOR_USER: The EDMuser Id given in the parameter userId has been granted individual access rights to the protected instance. Access has been checked against this individually set protection code.
  • ACCESS_FOR_GROUP: The EDMgroup Id given in the parameter groupId has been granted individual access rights to the protected instance. Access has been checked against this individually set protection code.
  • PUBLIC_ACCESS: Neither the given EDMuser nor the EDMgroup was categorized as any of the above listed access roles. Therefore, access was checked against the public protection code.
SdaiInteger

*protection

This variable will receive the full 15bit protection code of the protected instance returned in parameter lastCheckedInstance.

SdaiInteger

*actualAccessRights

This variable will receive the actual 5bit protection code that was applied when access to the protected instance was either given or denied. Depending on the access role used, the protection code returned herein may be either owner protection, group protection, public protection or an individually set protection code. The protection code is a bitwise OR of any combination of the following symbols;
READ_ACCESS, WRITE_ACCESS, CREATE_ACCESS, EXECUTE_ACCESS, DELETE_ACCESS

Return Value

Error rendering macro 'excerpt-include' : User 'null' does not have permission to view the page 'US:_r_EDMInterface'.

 

Options

  

OptionComment

CHECK_FULL_PATH

 

 

Example

 

EdmiError rstat;
 SdaiUser userId;
 SdaiGroup groupId;
 SdaiBoolean gotAccess;
 SdaiUnsignedInt prot5bit, prot15bit, accessRole;
 SdaiInstance protInstId;
 
 if (rstat = edmiCheckInstanceAccess( modId, READ_ACCESS, userId, groupId
 CHECK_FULL_PATH, &gotAccess,
 &protInstId, &accessRole,
 &prot15bit, &prot5bit)) {
 /* Error in operation */ 
 printf("\nError: %s in edmiChangePassword \n", 
 edmiGetErrorText(rstat)); 
 goto error; 
 }
 if (gotAccess) {
 printf("User/Group %d/%d got Read Access on model %d\n",
 userId, groupId, modId);
 } else if (modId == protInstId) {
 printf("User/Group %d/%d does not have Read Access on model %d\n", 
 userId, groupId, modId); 
 } else {
 printf("User/Group %d/%d does not have Read Access on model %d\n", 
 userId, groupId, modId); 
 printf("Access was denied by parent instance %d\n", protInstId);
 }
 . . .

See also

Filter by label

There are no items with the selected labels at this time.

Â