Share via

IAuthorizationExtension.CreateSecurityDescriptor Method

  • Article

Returns the security descriptor that is stored with an individual item in the report server database. This method is not CLS-compliant.

Namespace: Microsoft.ReportingServices.Interfaces
Assembly: Microsoft.ReportingServices.Interfaces (in microsoft.reportingservices.interfaces.dll)

Syntax

'Declaration
<StrongNameIdentityPermissionAttribute(SecurityAction.LinkDemand, PublicKey:="0024000004800000940000000602000000240000525341310004000001000100272736ad6e5f9586bac2d531eabc3acc666c2f8ec879fa94f8f7b0327d2ff2ed523448f83c3d5c5dd2dfc7bc99c5286b2c125117bf5cbe242b9d41750732b2bdffe649c6efb8e5526d526fdd130095ecdb7bf210809c6cdad8824faa9ac0310ac3cba2aa0523567b2dfa7fe250b30facbd62d4ec99b94ac47c7d3b28f1f6e4c8")> _
Function CreateSecurityDescriptor ( _
    acl As AceCollection, _
    itemType As SecurityItemType, _
    <OutAttribute> ByRef stringSecDesc As String _
) As Byte()

[StrongNameIdentityPermissionAttribute(SecurityAction.LinkDemand, PublicKey="0024000004800000940000000602000000240000525341310004000001000100272736ad6e5f9586bac2d531eabc3acc666c2f8ec879fa94f8f7b0327d2ff2ed523448f83c3d5c5dd2dfc7bc99c5286b2c125117bf5cbe242b9d41750732b2bdffe649c6efb8e5526d526fdd130095ecdb7bf210809c6cdad8824faa9ac0310ac3cba2aa0523567b2dfa7fe250b30facbd62d4ec99b94ac47c7d3b28f1f6e4c8")] 
byte[] CreateSecurityDescriptor (
    AceCollection acl,
    SecurityItemType itemType,
    out string stringSecDesc
)

[StrongNameIdentityPermissionAttribute(SecurityAction::LinkDemand, PublicKey=L"0024000004800000940000000602000000240000525341310004000001000100272736ad6e5f9586bac2d531eabc3acc666c2f8ec879fa94f8f7b0327d2ff2ed523448f83c3d5c5dd2dfc7bc99c5286b2c125117bf5cbe242b9d41750732b2bdffe649c6efb8e5526d526fdd130095ecdb7bf210809c6cdad8824faa9ac0310ac3cba2aa0523567b2dfa7fe250b30facbd62d4ec99b94ac47c7d3b28f1f6e4c8")] 
array<unsigned char>^ CreateSecurityDescriptor (
    AceCollection^ acl, 
    SecurityItemType itemType, 
    [OutAttribute] String^% stringSecDesc
)

/** @attribute StrongNameIdentityPermissionAttribute(SecurityAction.LinkDemand, PublicKey="0024000004800000940000000602000000240000525341310004000001000100272736ad6e5f9586bac2d531eabc3acc666c2f8ec879fa94f8f7b0327d2ff2ed523448f83c3d5c5dd2dfc7bc99c5286b2c125117bf5cbe242b9d41750732b2bdffe649c6efb8e5526d526fdd130095ecdb7bf210809c6cdad8824faa9ac0310ac3cba2aa0523567b2dfa7fe250b30facbd62d4ec99b94ac47c7d3b28f1f6e4c8") */ 
byte[] CreateSecurityDescriptor (
    AceCollection acl, 
    SecurityItemType itemType, 
    /** @attribute OutAttribute() */ /** @ref */ String stringSecDesc
)

JScript does not support passing value-type arguments by reference.

Parameters

  • acl
    The access code list created by the report server for the item. It contains a collection of access code entries.
  • itemType
    The type of item for which the security descriptor is created.
  • stringSecDesc
    Optional. A user-friendly description of the security descriptor that can be used for debugging. This is not stored by the report server.

Return Value

A serialized access code list.

Remarks

Implement this method to serialize the access code list that is applied to an item in the report server database.

A security descriptor describes the following:

  • The group or user that has some type of permission to perform operations on the item.

  • The item's type.

  • A discretionary access control list controlling access to the item.

You can control access to an item and its properties using a security descriptor. Using a SQL Server Reporting Services security descriptor, you can:

  • Grant a trustee access rights to an item and its properties.

  • Identify trustees using a principal name or user ID.

  • Set, retrieve, and modify the descriptor programmatically.

Each item's security descriptor is created by a call to the CreateSecurityDescriptor method and accessed by a call to CheckAccess through the report server. This property is the item's descriptor in a serialized byte array. The descriptor is physically stored in the report server database, which is internally based on a collection of access control entries. When you request an access check on an item, the byte array is retrieved from the database and passed as an argument to the CheckAccess method. When you set this property for an item, the AceCollection is passed and you are required to create the binary descriptor for the item.

Example

The following example uses the CreateSecurityDescriptor method to serialize the access code list for an item in the report server database. You can use this method to serialize additional security or authentication information as part of the security descriptor.

Public Function CreateSecurityDescriptor(acl As AceCollection, itemType As SecurityItemType, ByRef stringSecDesc As String) As Byte()
   ' Creates a memory stream and serializes the ACL for storage.
   Dim bf As New BinaryFormatter()
   Dim result As New MemoryStream()
   bf.Serialize(result, acl)
   stringSecDesc = Nothing
   Return result.GetBuffer()
End Function 'CreateSecurityDescriptor
public byte[] CreateSecurityDescriptor(AceCollection acl, SecurityItemType itemType, out string stringSecDesc)
{
   // Creates a memory stream and serializes the ACL for storage.
   BinaryFormatter bf = new BinaryFormatter();
   MemoryStream result = new MemoryStream();
   bf.Serialize(result, acl);
   stringSecDesc = null;
   return result.GetBuffer();
}

Thread Safety

Any public static (Shared in Microsoft Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Development Platforms

For a list of the supported platforms, see Hardware and Software Requirements for Installing SQL Server 2005.

Target Platforms

For a list of the supported platforms, see Hardware and Software Requirements for Installing SQL Server 2005.

See Also

Reference

IAuthorizationExtension Interface
IAuthorizationExtension Members
Microsoft.ReportingServices.Interfaces Namespace