The first step in adding security to a component is to create a role. After
the role has been created, users and groups from the NT domain can be added and
removed at the will of the MTS administrator.
It probably comes as no surprise that roles are created with the MTS Explorer.
The following steps enable you to create a role:
STEP BY STEP
16.5 Creating a Role
1. From the MTS Explorer, double-click the computer that contains packages that
2. Double-click the package for which you need to create roles. You will see a
   Roles folder directly off of the package in the hierarchy represented in the left
3. Double-click on the Roles folder. By default, no roles will exist if this is
   a new package.
4. Right-click on the Roles folder, choose the New menu item, and then choose
   the Roles submenu item. Alternatively, you can select the same menu item from
   the Action menu while the Roles folder is selected, or you can click on the Create
   New Object button from the toolbar.
5. A dialog box appears asking you for the name of the role to be created (see
FIGURE 16.7 Creating a role just required you to assign a name to the new
6. Type in the name of the role.
You will probably want to add users to the role after it is created. Mapping
users to a role allows them to use any of the components or component interfaces
that have been allowed for the given role. The following steps show you how to
STEP BY STEP
16.6 Mapping Users to a Role
1. From the Roles folder in a package, double-click the role you want to add users
   to. This will expand it.
2. A Users folder will be directly off of the role in the hierarchy. Select the
3. Right-click on the Users folder, and choose New User. The Add Users and Groups
   to Role dialog box appears (see Figure 16.8).
FIGURE 16.8 Adding users and groups is done through a standard NT domain user
4. Notice that, by default, only groups from the local computer and the domain
   are shown. If you want to assign a specific user, you can click on the Show Users
   button; the list of valid users from the domain will be appended to the group
5. Select a user or group from the list.
6. Click the Add button. Notice that the user or group is added to the Add Names
   list. You can add as many users and groups as you wish.
7. After you have finished adding to the role, click OK.
Each user and group that you added will now be represented by an icon in the
right pane of the Explorer.
Keep in mind that users and groups can be added and removed from roles at any time.
Additionally, if you have more complicated security requirements, you may choose
to create many roles. It is quite possible for a user to be a member of more than
one role. You might, for example, define a role for the members of management
that will be less restricted from certain interfaces or components. Likewise,
a role for general users that is not assigned access to everything might be necessary.
In a case like this, a department manager might be a member of both roles. This
particular individual would be able to access any component or interface to which
either of the roles has been assigned.
Roles can be used for either programmatic security or declarative security.
Programmatic security requires the component developer to write code that implements
any needed security. On a basic level, knowledge of only two methods is needed:
IsSecurityEnabled and IsCallerInRole. Both of these methods are methods of the
ObjectContext and return a Boolean value. IsSecurityEnabled will return False
if the component is not running in a server process. In other words, if the MTS
component is running in the process of the caller, role checking is not available.
If IsSecurityEnabled is True, IsCallerInRole can be used. Essentially, this method
will require the programmer to know which roles exist on the MTS Server. IsCallerInRole
takes the name of the role as an argument and returns a value of True if the caller
is a member of the role. Other than that, it is up to the component programmer
to write the logic that implements any security inside the component. The following
code snippet is an example of how to use these methods to implement programmatic
    Dim oContext As ObjectContext
    Set oContext = GetObjectContext()
    If oContext.IsSecurityEnabled Then
        ' Check if caller is in role
        If Not oContext.IsCallerInRole("Sales") Then
            ' Code to raise error
        End If
    End If
In the example code, the component will check whether the caller is a member
of the role named Sales. If he is not, some kind of error is raised back to the
Declarative security does not require additional coding. Instead, roles are
assigned to components, and MTS checks whether callers are members of one of these roles.
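
For the programmatic approach, the following is an added example (not code from the original text) of a reusable check that accepts several roles, so a caller who belongs to any one of them is admitted, and that refuses the call when IsSecurityEnabled is False instead of skipping the check. The names RequireAnyRole, ApproveDiscount, and ERR_ACCESS_DENIED and the "Management" role are hypothetical; the project is assumed to reference the Microsoft Transaction Server Type Library.

```vb
' Added example for a VB6 standard module in an MTS component project.
Option Explicit

' Hypothetical application-defined error number.
Private Const ERR_ACCESS_DENIED As Long = vbObjectError + 1001

' Raises an error unless the caller is in at least one of the named roles.
' Role names must match roles created on the package in the MTS Explorer.
Public Sub RequireAnyRole(ParamArray vRoles() As Variant)
    Dim oContext As ObjectContext
    Dim i As Long

    Set oContext = GetObjectContext()

    ' No context means the object is not running under MTS at all.
    If oContext Is Nothing Then
        Err.Raise ERR_ACCESS_DENIED, "RequireAnyRole", "No MTS object context"
    End If

    ' Fail closed: when the component runs in the caller's process, role
    ' checking is not available and IsCallerInRole cannot be relied on.
    If Not oContext.IsSecurityEnabled Then
        oContext.SetAbort
        Err.Raise ERR_ACCESS_DENIED, "RequireAnyRole", _
                  "Role checking is not available"
    End If

    ' Membership in any one listed role is sufficient.
    ' An empty role list skips the loop and falls through to the denial below.
    For i = LBound(vRoles) To UBound(vRoles)
        If oContext.IsCallerInRole(CStr(vRoles(i))) Then Exit Sub
    Next i

    oContext.SetAbort
    Err.Raise ERR_ACCESS_DENIED, "RequireAnyRole", _
              "Caller is not in a permitted role"
End Sub

' Hypothetical component method showing the call site (sample role names).
Public Sub ApproveDiscount()
    RequireAnyRole "Sales", "Management"
    ' Business logic goes here, followed by GetObjectContext().SetComplete
End Sub
```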