Qualifying Access with Business Logic in Script
Use business rule scripts to provide run-time logic for checking access. For more information about business rules, see Business Rules.
To assign a business rule to a task, first set the BizRuleLanguage property of the IAzTask object that represents the task. The script must be written using the Visual Basic Scripting Edition (VBScript) programming language or JScript development software. After you specify the script language, set the BizRule property of the IAzTask object with a string representation of the script.
When checking access for an operation contained by a task that has an associated business rule, the application must create two arrays of the same size to be passed as the varParameterNames and varParameterValues parameters of the AccessCheck method of an IAzClientContext object. For information about creating a client context, see Establishing a Client Context in Script.
The AccessCheck method creates an AzBizRuleContext object that is passed to the business rule script. The script then sets the BusinessRuleResult property of the AzBizRuleContext object. A value of True indicates that access is granted, and a value of False indicates that access is denied.
A business rule script cannot be assigned to an IAzTask object contained by a delegated IAzScope object.
The following example shows how to use a business rule script to check a client's access to an operation. The example assumes that there is an existing XML policy store named MyStore.xml in the root directory of drive C, and that this store contains an application named Expense, a task named Submit Expense, and an operation named UseFormControl.
<%@ Language=VBScript %>
<%
' Create the AzAuthorizationStore object.
Dim AzManStore
Set AzManStore = CreateObject("AzRoles.AzAuthorizationStore")
' Initialize the authorization store.
AzManStore.Initialize 0, "msxml://C:\MyStore.xml"
' Open the application object in the store.
Dim expenseApp
Set expenseApp = AzManStore.OpenApplication("Expense")
' Create a client context.
Dim clientName
clientName = Request.ServerVariables("LOGON_USER")
Dim clientContext
Set clientContext = _
expenseApp.InitializeClientContextFromName(clientName)
' Create a business rule for the Submit Expense task.
' Open the Submit Expense task.
Dim submitTask
Set submitTask = expenseApp.OpenTask("Submit Expense")
' Set the business rule language to VBScript.
submitTask.BizRuleLanguage = "VBScript"
' Create a string with the business rule code.
Dim newline
newline = chr(13)
Dim bizRuleString
bizRuleString = "Dim Amount" + newline _
+"AzBizRuleContext.BusinessRuleResult = FALSE" + newline _
+"Amount = AzBizRuleContext.GetParameter(""ExpAmount"")" _
+newline _
+"if Amount < 500 then AzBizRuleContext.BusinessRuleResult = TRUE"
' Assign the business rule to the Submit Expense task.
submitTask.BizRule = bizRuleString
' Save the task information to the store.
submitTask.Submit
' Open the operation to check.
Dim formOperation
Set formOperation = expenseApp.OpenOperation("UseFormControl")
' Get the ID of the operation.
Dim operationID
operationID = formOperation.OperationID
' Set up arrays for operations and results.
Dim Operations(1)
Operations(0) = operationID
Dim Results
' Set up business rule parameters.
Dim bizNames(1)
Dim bizValues(1)
bizNames(0) = "ExpAmount"
bizValues(0) = 100
' Check access.
Results = clientContext.AccessCheck _
("UseFormControl", Empty, Operations, bizNames, bizValues)
%>
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for