Azman 获取用户的角色、操作、任务
AzAuthorizationStoreClass authorizationStore = new AzAuthorizationStoreClass();
authorizationStore.Initialize(0, ConfigurationManager.ConnectionStrings
["StoreLocation"].ConnectionString, null);
IAzApplication2 application = authorizationStore.OpenApplication2(ConfigurationManager.AppSettings["App"].ToString(), null);
请让我知道如何获取用户的操作、任务、角色。
谢谢
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
没有一个简单的 API 可以实现这一点。你必须自己动手。
对于操作,您只需执行 AccessCheck2对于每个可能的操作。构建一组允许的操作。
如果您需要构建任务和角色定义,则必须比较每个 IAzTask.Operations 属性到您构建的允许操作集。如果允许的操作集是任务/角色定义操作集的超集,则可以说任务/角色定义“属于”用户。
如果您的策略存储中有自定义范围,则必须为每个范围执行此操作。如果您的应用程序检查多个范围,那么在为用户提供所有操作/任务/角色的最终报告时,您必须考虑到这一点。
There's not a straightforward API for this. You'll have to roll your own.
For operations, you can just do an AccessCheck2 for each possible operation. Build a set of the allowed operations.
If you need to build tasks and role definitions, you'll have to compare the value of each IAzTask.Operations property to your built set of allowed operations. If your set of allowed operations is a superset of the Task/Role Definition Operations set, then the Task/Role Definition might be said to "belong" to the user.
If you have custom scopes in your policy store, you'll have to do this for each scope. If your application checks multiple scopes, then you'll have to take that into account when coming up with the final report of all operations/tasks/roles for a user.