How to: Get the Access Control List for a Metadata Object
Each object in the Business Data Catalog hierarchy of metadata objects (Application, Entity, Method, MethodInstance, Parameter, TypeDescriptor, and so on) has an access control list (ACL) that specifies which principals have which rights on the object. Of the 13 metadata objects, only LobSystem, Entity, Method, and MethodInstance have ACLs that can be controlled individually. These objects are referred to as Individually Securable metadata objects. Other metadata objects inherit the ACLs from their immediate parent and are referred to as Access-controlled metadata objects.
Business Data clients such as Business Data in Lists and Business Data Web Parts are driven by Business Data Catalog permissions. The minimum permission required on an entity to make it usable in clients is the Selectable in Clients right.
Note
Because Business Data Catalog is a Shared Service that is shared across site collections, site collection level security settings cannot be applied to it. Therefore, Site Settings has little relationship with Business Data Catalog permissions.
The following table shows the rights that the administrator, or someone with the Manage Permissions right, can set on a Business Data Catalog application.
Right | Applies To | Description |
---|---|---|
Edit | Access-controlled metadata objects | |
Manage Permissions | Individually securable metadata objects | |
Execute (View) | MethodInstance | |
Selectable in Clients | Application and Entity | |
Example
The following code example shows how to retrieve the ACL for an LobSystem instance that is registered in the Business Data Catalog.
Prerequisites
Ensure a Shared Service Provider is already created.
Create an LobSystem instance and set connection parameters as shown in How to: Create an LobSystem Using the Administration Object Model.
Create the ProductModel entity as shown in How to: Create an Entity Using the Administration Object Model.
Create a Finder method as shown in How to: Create a Method and Filters Using the Administration Object Model.
Replace the constant value EnterYourSSPNameHere in the code with the name of your Shared Resource Provider.
Project References
Add the following Project References in your console application code project before running this sample:
Microsoft.SharePoint
Microsoft.SharePoint.Portal
Microsoft.Office.Server
```csharp
using System;
using System.Collections.Generic;
using System.Text;
using Microsoft.Office.Server.ApplicationRegistry.Administration;
using Microsoft.Office.Server.ApplicationRegistry.Infrastructure;
using WSSAdmin = Microsoft.SharePoint.Administration;
using OSSAdmin = Microsoft.Office.Server.Administration;

namespace Microsoft.SDK.SharePointServer.Samples
{
    class GetStartedAndCreateSystem
    {
        const string yourSSPName = "EnterYourSSPNameHere";

        static void Main(string[] args)
        {
            SetupBDC();
            GetAccessControlList();
            Console.WriteLine("Press any key to exit...");
            Console.Read();
        }

        // Point the object model at the Shared Services Provider that hosts the catalog.
        static void SetupBDC()
        {
            SqlSessionProvider.Instance().SetSharedResourceProviderToUse(yourSSPName);
        }

        public static void GetAccessControlList()
        {
            LobSystemInstance mySysInstance = null;

            // The lookup is a "like" match, so confirm the exact name before using a result.
            LobSystemInstanceCollection sysInsCollection =
                ApplicationRegistry.Instance.GetLobSystemInstancesLikeName("AdventureWorksSampleFromCode");
            foreach (LobSystemInstance sysInstance in sysInsCollection)
            {
                if (sysInstance.Name == "AdventureWorksSampleFromCode")
                {
                    mySysInstance = sysInstance;
                    break;
                }
            }

            // Stop here if the instance is not registered, instead of dereferencing null.
            if (mySysInstance == null)
            {
                Console.WriteLine("LobSystem instance not found.");
                return;
            }

            // The ACL is read from the parent LobSystem, which is individually securable.
            LobSystem ls = mySysInstance.LobSystem;
            IAccessControlList acl = ls.GetAccessControlList();

            // Print each principal and the rights granted to it.
            foreach (IAccessControlEntry ace in acl)
            {
                Console.WriteLine(ace.IdentityName);
                Console.WriteLine(ace.Rights);
            }
        }
    }
}
```
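Because LobSystem, Entity, Method, and MethodInstance each carry their own ACL, a permissions review has to read all four levels rather than the LobSystem alone. The following is an added example, not part of the original sample, that walks those levels and flags any object where no principal holds the right the table above associates with it. It assumes the `Entities`, `Methods`, and `MethodInstances` collections of the administration object model and that `Rights` is the `BdcRights` flags enumeration with `SetPermissions`, `SelectableInClients`, and `Execute` members; `AuditBdcAcls`, `instanceName`, and `Report` are names chosen for this example.

```csharp
using System;
using Microsoft.Office.Server.ApplicationRegistry.Administration;
using Microsoft.Office.Server.ApplicationRegistry.Infrastructure;

namespace Microsoft.SDK.SharePointServer.Samples
{
    // Added example: audits every individually securable object under one LobSystem.
    class AuditBdcAcls
    {
        const string yourSSPName = "EnterYourSSPNameHere";
        const string instanceName = "AdventureWorksSampleFromCode";

        static void Main(string[] args)
        {
            SqlSessionProvider.Instance().SetSharedResourceProviderToUse(yourSSPName);
            foreach (LobSystemInstance inst in ApplicationRegistry.Instance.GetLobSystemInstancesLikeName(instanceName))
            {
                if (inst.Name != instanceName) continue;   // "like" match: require the exact name
                LobSystem ls = inst.LobSystem;
                Report("LobSystem " + ls.Name, ls.GetAccessControlList(), BdcRights.SetPermissions);
                // Assumption: Entities, Methods and MethodInstances are the child collections.
                foreach (Entity e in ls.Entities)
                {
                    Report("  Entity " + e.Name, e.GetAccessControlList(), BdcRights.SelectableInClients);
                    foreach (Method m in e.Methods)
                    {
                        Report("    Method " + m.Name, m.GetAccessControlList(), BdcRights.SetPermissions);
                        foreach (MethodInstance mi in m.MethodInstances)
                            Report("      MethodInstance " + mi.Name, mi.GetAccessControlList(), BdcRights.Execute);
                    }
                }
            }
        }

        // Prints every entry of one ACL, then warns when no principal holds the
        // right expected at that level (assumption: BdcRights is a flags enumeration).
        static void Report(string label, IAccessControlList acl, BdcRights required)
        {
            bool held = false;
            Console.WriteLine(label);
            foreach (IAccessControlEntry ace in acl)
            {
                Console.WriteLine("{0}: {1}", ace.IdentityName, ace.Rights);
                if ((ace.Rights & required) == required) held = true;
            }
            if (!held) Console.WriteLine("WARNING: no principal holds " + required + " on " + label.Trim());
        }
    }
}
```

An Entity flagged for `SelectableInClients` is one that Business Data clients cannot use, and an object flagged for `SetPermissions` has no principal left who can manage its permissions.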