VB6 beginners tutorial - Learn VB6

Advanced VB6 tutorial - Learn Advanced VB6

Systems Analysis - System analysis and Design tutorial for Software Engineering

You are here: Visual Basic > Advanced VB6 tutorial > Chapter 16

Understanding MTS Security - Creating and Adding Users to Roles

The first step in adding security to a component is to create a role. After the role had been created, users and groups from the NT domain can be added and removed at the will of the MTS administrator.

It probably comes as no surprise that roles are created with the MTS Explorer. The following steps enable you to create a role:

16.5 Creating a Role

  1. From the MTS Explorer, double-click the computer that contains packages that need security.

  2. Double-click the package for which you need to create roles. You will see a Roles folder directly off of the package in the hierarchy represented in the left pane.

  3. Double-click on the Roles folder. By default, no roles will exist if this is a new package.

  4. Right-click on the Roles folder, choose the New menu item, and then choose the Roles submenu item. Alternatively, you can select the same menu item from the Action menu while the Roles folder is selected, or you can click on the Create New Object button from the toolbar.

  5. A dialog box appears asking you for the name of the role to be created (see Figure 16.7).

    Creating a role just required you to assign a name to the new role.
    FIGURE 16.7 Creating a role just required you to assign a name to the new role.

  6. Type in the name of the role.

  7. Click OK.

You will probably want to add users to the role after it is created. Mapping users to a role allows them to use any of the components or component interfaces that have been allowed for the given role. The following steps show you how to do this:

16.6 Mapping Users to a Role

  1. From the Roles folder in a package, double-click the role you want to add users to. This will expand it.

  2. A Users folder will be directly off of the role in the hierarchy. Select the Users folder.

  3. Right-click on the Users folder, and choose New User. The Add Users and Groups to Role dialog box appears (see Figure 16.8).

    Adding users and groups is done through a standard NT domain user list.
    FIGURE 16.8 Adding users and groups is done through a standard NT domain user list.

  4. Notice that, by default, only groups from the local computer and the domain are shown. If you want to assign a specific user, you can click on the Show Users button; the list of valid users from the domain will be appended to the group list.

  5. Select a user or group from the list.

  6. Click the Add button. Notice that the user or group is added to the Add Names list. You can add as many users and groups as you wish.

  7. After you have finished adding to the role, click OK.

  8. Each user and group that you added will now be represented by an icon in the right pane of the Explorer.

Keep in mind that users and groups can be added and removed from roles at anytime. Additionally, if you have more complicated security requirements, you may choose to create many roles. It is quite possible for a user to be a member of more than one role. You might, for example, define a role for the members of management that will be less restricted from certain interfaces or components. Likewise, a role for general users that is not assigned access to everything might be necessary. In a case like this, a department manager might be a member of both roles. This particular individual would be able to access any component or interface to which either of the roles has been assigned.

Roles can be used for either programmatic security or declarative security. Programmatic security requires the component developer to write code that implements any needed security. On a basic level, knowledge of only two methods is needed: IsSecurityEnabled and IsCallerInRole. Both of these methods are methods of the ObjectContext and return a Boolean value. IsSecurityEnabled will return False if the component is not running in a server process. In other words, if the MTS component is running in the process of the caller, role checking is not available. If IsSecurityEnabled is True, IsCallerInRole can be used. Essentially, this method will require the programmer to know which roles exist on the MTS Server. The IsCallerInRole takes the name of the role as an argument and returns a value of True if the caller is a member of the role. Other than that, it is up to the component programmer to write the logic that implements any security inside the component. The following code snippet is an example of how to use these methods to implement programmatic security:

Dim oContext As ObjectContext
Set oContext = GetObjectContext()
If oContext.IsSecurityEnabled Then
   ‘Check if caller is in role
   If Not oContext.IsCallerInRole("Sales") Then
      ‘ Code to Raise error
   End If
End If

In the example code, the component will check whether the caller is a member of the role named Sales. If he is not, some kind of error is raised back to the caller.

Declarative security does not require additional coding. Instead, roles are assigned to components, and MTS checks whether callers are one of these roles.


<< Previous | Contents | Next >>

Home | About Us | Privacy Policy | Contact Us

Copyright © | All Rights Reserved