Provides managerial access to the Permissions Store.
Product Availability
Available with ArcGIS Engine, ArcGIS Desktop, and ArcGIS Server.
Description
IPermissionsManager provides methods to query the state of Allow and Deny rules on operations on ArcGIS Server resources.
The IPermissionsManager interface can be obtained by a query interface with the IServerObjectManager interface.
A list of security model
concepts is useful here.
- User - An individual identified by a unique user name who wants to consume resources provided by ArcGIS Server. Users are stored within a User Store which may be a database, the active directory on a Windows Server or an LDAP sever. All authentication of users takes place in the web tier.
- Role - A collection of users based on functional, departmental or classification groupings (e.g. Planners, Editors, Classified, Unclassified, etc.). A role can be assigned a permission to use or invoke operations on a resource. Roles are stored within a Role Store which may be a database, the Active Directory on a Windows Server or an LDAP server.
- Principal - A term that denotes either a User or a Role.
- Resource - An item or object that is to be secured. In a 9.3 ArcGIS Server, resources are web applications and GIS services and server folders containing GIS services.
- Operation - An action or method that can be invoked on a secured resource. At 9.3, no distinction is made between operations and the only valid value, "*", is used to denote all actions.
- Permission - The ability of a role to use or invoke operations on a specific resource.
Permissions are assigned
in a Continuous Inheritance model. A child
resource inherits permissions from its parent resource and the
child can be changed to differ from the parent. Changing the
permission on the parent for a specific user/role restores
inheritance to match the parent recursively; all children will be
changed to match the parent.
When To Use
Use the IPermissionsManager interface when your application needs to query the state of role-based permissions on an ArcGIS Server.
If your application needs to connect to the server to perform changes to the role-based ArcGIS Server security model, use the IPermissionsAdmin interface instead.
Members
| Description | ||
|---|---|---|
 |
CheckForDescendentsWithDifferentPermissions | Checks whether the specified principal has different permissions among the descendents of the specified parent resource/operation combination. |
|
CheckPermission | Checks whether the specified principal has permission to perform the given operation on the indicated resource. |
|
GetPrincipalsWithPermissionOnResource | Enumerates all principals having permission to perform the specified operation on the given resource. |
CoClasses that implement IPermissionsManager
| CoClasses and Classes | Description |
|---|---|
| ServerObjectManager | The ServerObjectManager object which creates ServerContext, ServerObjectConfigurationInfo and ServerObjectTypeInfo objects. |
Remarks
The following state of the role-based security model of the ArcGIS Server is exposed by the methods of IPermissionsAdmin :
Query role-based ArcGIS Server security:
- Check whether the supplied principal has permissions for all operations on a specific resource.
- Get all of the principals that have permissions for all operations on a specific resource.
- Check whether any descendents of the specified resource have permissions that differ.