The SecurityInfo object allows you to set the security roles, rights, and limits on an object for a specific user or group. Roles are predefined set of object rights that are designed to cover the most common cases of security access. It is recommended that you start by using roles, and then apply more granular rights if necessary. Specifically, rights permit a user or group to perform specific actions on an object; limits restrict the number of instances for each object, user, or group that are allowed on the system. Users or groups that are given specific object rights and limits are called object principals.

Crystal Enterprise uses object security, which means that roles, rights, and limits are set for each InfoObject in the system and not for each principal. For example, all folders have a set of available rights that the system makes available to them. You can use a report's SecurityInfo object to determine which of these rights you want to give to a particular user or group. Specifically, you can use the KnownRights Property Property to select the rights that you want to grant or deny to a principal, and then add these rights to the principal's SecurityRights Collection.

Note:    Rights that are inherited or specified through a role are also added to the principal's SecurityRights Collection. Rights that are not in the collection are considered to be "not specified."

All principals that have explicit rights to an object are added to the object's ObjectPrincipals Collection. You can retrieve security information for any principal, even if it does not have explicit rights on the object, by using the AnyPrincipal Property.

Tip:    When scheduling a report you must give the object schedule rights either by setting the role or by adding the security rights.

For a more comprehensive overview of the object security model used by Crystal Enterprise, see the Crystal Enterprise Administrator's Guide. See the "Appendix A: Object Rights and Access Levels" in the Crystal Enterprise Administrator's Guide for a list of the granular rights granted for each role.

Properties

Property	Description
AnyPrincipal Property	Returns the effective rights and limits for any principal, even if the principal does not have explicit rights to the object. Read-Only.
KnownLimits Property	Returns the collection of limits that the object knows about. Read-Only.
KnownRights Property	Returns the collection of rights that the object knows about. Read-Only.
ObjectPrincipals Property	Returns the collection of principals that have rights on the object. Read-Only.

Methods

Method	Description
CheckAction Method	Returns True if the InfoObject grants the appropriate rights needed to make the specified ActionID valid for the object, and False if it does not.
CheckRight Method	Returns True if the right is permitted for the current user, and False if it is not.