The Permission data object associates the privileges required to perform an action on an object with a principal (a user or a group). Principals obtain privileges through their role. To set or update permissions on an object, use the AuthorizationManager.SetEntityPermissions method.

To set permissions on an entity, use the following steps.

Procedure

  1. Obtain a reference to the AuthorizationManager for the server from the ServiceContent object associated with the ServiceInstance. For example:
    ManagedObjectReference hostAuthorizationManager = service.getAuthorizationManager();
  2. Create a Permission data object that identifies the user (or group) name, the role, the entity to which the permission should apply, and whether the permission should be applied to the entity’s children.

    For example, the following code fragment creates a permission on the root folder of the inventory that grants a user the Administrator role on the root folder and all its children.

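    Permission per = new Permission();
    per.setGroup(false);                 // the principal is a user, not a group
    per.setPrincipal("new_user_name");
    per.setRoleId(-1);                   // -1 is the Administrator role
    per.setPropagate(true);              // also apply to the entity's children
    per.setEntity(rootFolder);           // root folder of the inventory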

    Permissions cannot be set directly on children in a complex entity. For complex entities, set permissions on the parent entity and set the propagate flag to true to apply permissions to the child entities.

    To replace existing permissions with a new set of permissions, use the AuthorizationManager.ResetEntityPermissions method.
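
The following is an added example, not code from the original page: it carries the procedure through to the SetEntityPermissions call and then reads the entity's permissions back to confirm that the role and propagate flag were stored as requested. It assumes the JAX-WS bindings in com.vmware.vim25 and an already logged-in session; the class name, method name and parameters are hypothetical.

```java
import com.vmware.vim25.ManagedObjectReference;
import com.vmware.vim25.Permission;
import com.vmware.vim25.ServiceContent;
import com.vmware.vim25.VimPortType;
import java.util.Collections;
import java.util.List;

public class EntityPermissionExample {

    /**
     * Sets one permission on an entity and verifies it by reading it back.
     * Assumption: vimPort and content belong to a session that is already logged in.
     * Returns true only if the stored entry matches the requested role and propagate flag.
     */
    public static boolean grantAndVerify(VimPortType vimPort, ServiceContent content,
            ManagedObjectReference entity, String principal, boolean isGroup,
            int roleId, boolean propagate) throws Exception {

        // Step 1: reference to the server's AuthorizationManager.
        ManagedObjectReference authMgr = content.getAuthorizationManager();

        // Step 2: describe who gets which role on which entity.
        Permission per = new Permission();
        per.setGroup(isGroup);
        per.setPrincipal(principal);
        per.setRoleId(roleId);
        per.setPropagate(propagate);   // true also grants the role on all children
        per.setEntity(entity);

        // Adds the entry, or updates it if the principal already has one on this entity.
        vimPort.setEntityPermissions(authMgr, entity, Collections.singletonList(per));

        // Read back only the permissions defined directly on the entity (inherited = false).
        List<Permission> current = vimPort.retrieveEntityPermissions(authMgr, entity, false);
        for (Permission p : current) {
            // Assumption: the server returns the principal in the form it was given;
            // adjust the comparison if it is returned with a domain prefix.
            if (p.isGroup() == isGroup && p.getPrincipal().equalsIgnoreCase(principal)) {
                return p.getRoleId() == roleId && p.isPropagate() == propagate;
            }
        }
        return false;   // no matching entry found on the entity
    }
}
```

Calling grantAndVerify(vimPort, content, content.getRootFolder(), "new_user_name", false, -1, true) reproduces the fragment above; passing a narrower entity and role limits how far the grant reaches.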