4.2.3 Example: A Demonstration of Privilege Enforcement

Previous page Next page
  rev. 2010-02-22        

In the previous example it was shown that the user “cpowers” has a membership which denies the ability to edit within the Data Source “ManagingEnergy_Template”. Let’s try to change a name of a facility within the “ManagingEnergy_Template” Data Source to see what happens.



  // Set the user identity of the thread context

  User user = api.Login("cpowers", "50957604");


  // Get a facility within the ManagingEnergy_Template Data Source

  Facility facility = api.PortfolioManager.GetFacility("ManagingEnergy_Template", "01", "7023");



  // lets see if we can change the facility name

   facility.Name = "New Name";


catch (ManagingEnergy.Security.SecurityException ex)


  Console.WriteLine("Exception Thrown");





7023 - Springfield Recreational Centre

Exception Thrown

You do not have the required permission to perform the requested action. You must be a member of the 'Editor' role  within the security context 'ManagingEnergy_Template : 01 : 7023'.



When the attempt was made to change the name of the facility, the API first determined the context in which the operation was occurring. In this case the context was 'ManagingEnergy_Template : 01 : 7023'. Since the cpowers’ role membership specifies that he may not edit anything within the “ManagingEnergy_Template” Data Source an exception was generated and displayed in the output. The exception makes reference to the fact the user must be a member of the “Editor” role within the context in question.

Security and User Identity

In the example just shown the Login method was called which set the identity of the thread context the specified user. If we had not called the Login method (or alternatively ManagingEnergy.Security.UserPrincipal.SetIdentity) security enforcement would not have occurred. You must first set the user identity if you would like security to be enforced.

4.2.3_Example_A_Demonstration_         ©2017 Managing Energy Inc.