How to: Add an Access Control Entry to a Metadata Object
You must give permissions to users to enable them to execute methods, edit settings, and set permissions on a metadata object. This code example shows you how to use the object model to add access control entries for metadata objects. The first example adds an access control entry for the current user. The second example adds an access control entry for the user named in the userName constant. Notice how you can use the pipe (|) operator to combine several rights in a single entry. Because the SetPermissions right lets its holder change the permissions on the object, grant it only to accounts that are meant to administer the object.
Example
This example adds an access control entry for the current user and for a specified user.
Prerequisites
Ensure a Shared Service Provider is already created.
Create an LobSystem instance and set connection parameters as shown in How to: Create an LobSystem Using the Administration Object Model.
Create the ProductModel entity as shown in How to: Create an Entity Using the Administration Object Model.
Create a Finder method as shown in How to: Create a Method and Filters Using the Administration Object Model.
Replace the constant value EnterYourSSPNameHere in the code with the name of your Shared Services Provider (SSP).
Replace the value of the constant userName with an account name in the format domainname\\username (the doubled backslash is the C# escape for a single backslash).
Project References
Add the following Project References in your console application code project before running this sample:
Microsoft.SharePoint
Microsoft.SharePoint.Portal
Microsoft.Office.Server
using System;
using System.Collections.Generic;
using System.Text;
using Microsoft.Office.Server.ApplicationRegistry.Administration;
using Microsoft.Office.Server.ApplicationRegistry.Infrastructure;
using WSSAdmin = Microsoft.SharePoint.Administration;
using OSSAdmin = Microsoft.Office.Server.Administration;
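namespace Microsoft.SDK.SharePointServer.Samples
{
    /// <summary>
    /// Console sample that adds access control entries (ACEs) to the access
    /// control list (ACL) of the LobSystem behind a named LobSystemInstance.
    /// </summary>
    class GetStartedAndCreateSystem
    {
        // Replace with the name of your Shared Services Provider.
        const string yourSSPName = "EnterYourSSPNameHere";

        // Replace with the account that should receive the second entry,
        // in the form domainname\username.
        const string userName = "domainname\\username";

        // Name of the LobSystemInstance whose LobSystem is secured by this sample.
        private const string lobSystemInstanceName = "AdventureWorksSampleFromCode";

        /// <summary>
        /// Selects the Shared Services Provider, adds both access control
        /// entries, and waits for input before exiting.
        /// </summary>
        static void Main(string[] args)
        {
            SetupBDC();
            SetAccessControlListForCurrentUser();
            SetAccessControlListForSpecifiedUser();
            Console.WriteLine("Press any key to exit...");
            Console.Read();
        }

        /// <summary>
        /// Points the object model at the Shared Services Provider named in
        /// <c>yourSSPName</c>.
        /// </summary>
        static void SetupBDC()
        {
            SqlSessionProvider.Instance().SetSharedResourceProviderToUse(yourSSPName);
        }

        /// <summary>
        /// Adds an entry that grants the account running this process the
        /// SetPermissions and Execute rights on the LobSystem.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// The LobSystemInstance named by this sample was not found.
        /// </exception>
        public static void SetAccessControlListForCurrentUser()
        {
            LobSystem ls = FindLobSystem(lobSystemInstanceName);
            String currentIdentity = System.Security.Principal.WindowsIdentity.GetCurrent().Name;

            // SetPermissions lets the grantee change this object's ACL, so it
            // is an administrative right; grant it only to accounts that are
            // meant to manage the object.
            TryAddAccessControlEntry(
                ls,
                currentIdentity,
                BdcRights.SetPermissions | BdcRights.Execute);
        }

        /// <summary>
        /// Adds an entry that grants the account in <c>userName</c> the
        /// SetPermissions, UseInBusinessDataInLists and SelectableInClients
        /// rights on the LobSystem. Prints "Done" only when the updated ACL
        /// was actually saved.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// The LobSystemInstance named by this sample was not found.
        /// </exception>
        public static void SetAccessControlListForSpecifiedUser()
        {
            LobSystem ls = FindLobSystem(lobSystemInstanceName);

            // SetPermissions delegates control of the ACL to this account;
            // drop it from the mask if the account only needs to consume data.
            bool saved = TryAddAccessControlEntry(
                ls,
                userName,
                BdcRights.SetPermissions | BdcRights.UseInBusinessDataInLists | BdcRights.SelectableInClients);

            if (saved)
            {
                Console.WriteLine("Done");
            }
        }

        /// <summary>
        /// Returns the LobSystem of the LobSystemInstance whose name equals
        /// <paramref name="instanceName"/> exactly.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// No instance with that exact name was returned by the lookup.
        /// </exception>
        private static LobSystem FindLobSystem(string instanceName)
        {
            LobSystemInstanceCollection candidates =
                ApplicationRegistry.Instance.GetLobSystemInstancesLikeName(instanceName);

            // The lookup can return more than one instance, so the name is
            // compared again and only an exact match is accepted.
            foreach (LobSystemInstance candidate in candidates)
            {
                if (candidate.Name == instanceName)
                {
                    return candidate.LobSystem;
                }
            }

            // Fail with a clear message instead of a NullReferenceException
            // further down when the prerequisite instance was never created.
            throw new InvalidOperationException(
                "LobSystemInstance '" + instanceName + "' was not found. Create it before running this sample.");
        }

        /// <summary>
        /// Appends an entry for <paramref name="identity"/> with
        /// <paramref name="rights"/> to the ACL of
        /// <paramref name="lobSystem"/> and saves the ACL.
        /// </summary>
        /// <returns>
        /// <c>true</c> when the ACL was saved; <c>false</c> when the save was
        /// rejected with an AccessDeniedException.
        /// </returns>
        private static bool TryAddAccessControlEntry(LobSystem lobSystem, string identity, BdcRights rights)
        {
            IAccessControlList acl = lobSystem.GetAccessControlList();
            acl.Add(new IndividualAccessControlEntry(identity, rights));

            try
            {
                lobSystem.SetAccessControlList(acl);
                return true;
            }
            catch (AccessDeniedException ex)
            {
                // A rejected save means the entry was NOT applied. Report it
                // so the operator does not assume the permission is in place.
                Console.Error.WriteLine(
                    "Access denied: the access control entry for '" + identity + "' was not saved. " + ex.Message);
                return false;
            }
        }
    }
}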