private SecuritySystemMemberPermissionsObject CreateUserMemberPermission(string member) { SecuritySystemMemberPermissionsObject memberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); memberPermission.Members = member; memberPermission.AllowWrite = true; return(memberPermission); }
private DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole CreateDefaultRole() { DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole defaultRole = ObjectSpace.FindObject <DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole>(new BinaryOperator("Name", "Default")); if (defaultRole == null) { defaultRole = ObjectSpace.CreateObject <DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole>(); defaultRole.Name = "Default"; SecuritySystemTypePermissionObject securityDemoUserPermissions = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); securityDemoUserPermissions.TargetType = typeof(SecuritySystemUser); defaultRole.TypePermissions.Add(securityDemoUserPermissions); SecuritySystemObjectPermissionsObject myDetailsPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); //myDetailsPermission.TargetType = typeof(SecuritySystemUser); myDetailsPermission.Criteria = "[Oid] = CurrentUserId()"; myDetailsPermission.AllowNavigate = true; myDetailsPermission.AllowRead = true; securityDemoUserPermissions.ObjectPermissions.Add(myDetailsPermission); //defaultRole.PersistentPermissions.Add(myDetailsPermission); SecuritySystemTypePermissionObject userPermissions = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); userPermissions.TargetType = typeof(DevExpress.ExpressApp.Security.Strategy.SecuritySystemUser); defaultRole.TypePermissions.Add(userPermissions); SecuritySystemMemberPermissionsObject ownPasswordPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); //ownPasswordPermission.TargetType = typeof(SecurityUser); ownPasswordPermission.Members = "ChangePasswordOnFirstLogon; StoredPassword"; ownPasswordPermission.AllowWrite = true; userPermissions.MemberPermissions.Add(ownPasswordPermission); //defaultRole.PersistentPermissions.Add(ownPasswordPermission); SecuritySystemTypePermissionObject securityRolePermissions = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); securityRolePermissions.TargetType = typeof(DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole); defaultRole.TypePermissions.Add(userPermissions); SecuritySystemObjectPermissionsObject defaultRolePermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); //defaultRolePermission.TargetType = typeof(DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole); defaultRolePermission.Criteria = "[Name] = 'Default'"; defaultRolePermission.AllowNavigate = true; defaultRolePermission.AllowRead = true; securityRolePermissions.ObjectPermissions.Add(defaultRolePermission); //defaultRole.PersistentPermissions.Add(defaultRolePermission); } return(defaultRole); }
public override void UpdateDatabaseAfterUpdateSchema() { base.UpdateDatabaseAfterUpdateSchema(); // Administrative role SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>( new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName)); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <SecuritySystemRole>(); adminRole.Name = SecurityStrategy.AdministratorRoleName; adminRole.IsAdministrative = true; } // Administrator user SecuritySystemUser adminUser = ObjectSpace.FindObject <SecuritySystemUser>( new BinaryOperator("UserName", "Administrator")); if (adminUser == null) { adminUser = ObjectSpace.CreateObject <SecuritySystemUser>(); adminUser.UserName = "******"; adminUser.SetPassword(""); adminUser.Roles.Add(adminRole); } // A role whith type-level permissions SecuritySystemRole contactsManagerRole = ObjectSpace.FindObject <SecuritySystemRole>( new BinaryOperator("Name", "Contacts Manager")); if (contactsManagerRole == null) { contactsManagerRole = ObjectSpace.CreateObject <SecuritySystemRole>(); contactsManagerRole.Name = "Contacts Manager"; SecuritySystemTypePermissionObject contactTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); contactTypePermission.TargetType = typeof(Contact); contactTypePermission.AllowCreate = true; contactTypePermission.AllowDelete = true; contactTypePermission.AllowNavigate = true; contactTypePermission.AllowRead = true; contactTypePermission.AllowWrite = true; contactsManagerRole.TypePermissions.Add(contactTypePermission); } SecuritySystemUser userSam = ObjectSpace.FindObject <SecuritySystemUser>( new BinaryOperator("UserName", "Sam")); if (userSam == null) { userSam = ObjectSpace.CreateObject <SecuritySystemUser>(); userSam.UserName = "******"; userSam.SetPassword(""); userSam.Roles.Add(contactsManagerRole); } // A role with object-level permissions SecuritySystemRole basicUserRole = ObjectSpace.FindObject <SecuritySystemRole>( new BinaryOperator("Name", "Basic User")); if (basicUserRole == null) { basicUserRole = ObjectSpace.CreateObject <SecuritySystemRole>(); basicUserRole.Name = "Basic User"; SecuritySystemTypePermissionObject userTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); userTypePermission.TargetType = typeof(SecuritySystemUser); SecuritySystemObjectPermissionsObject currentUserObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); currentUserObjectPermission.Criteria = "[Oid] = CurrentUserId()"; currentUserObjectPermission.AllowNavigate = true; currentUserObjectPermission.AllowRead = true; userTypePermission.ObjectPermissions.Add(currentUserObjectPermission); basicUserRole.TypePermissions.Add(userTypePermission); } SecuritySystemUser userJohn = ObjectSpace.FindObject <SecuritySystemUser>( new BinaryOperator("UserName", "John")); if (userJohn == null) { userJohn = ObjectSpace.CreateObject <SecuritySystemUser>(); userJohn.UserName = "******"; userJohn.SetPassword(""); userJohn.Roles.Add(basicUserRole); } // A role with member-level permissions SecuritySystemRole contactViewerRole = ObjectSpace.FindObject <SecuritySystemRole>( new BinaryOperator("Name", "Contact Viewer")); if (contactViewerRole == null) { contactViewerRole = ObjectSpace.CreateObject <SecuritySystemRole>(); contactViewerRole.Name = "Contact Viewer"; SecuritySystemTypePermissionObject contactLimitedTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); contactLimitedTypePermission.TargetType = typeof(Contact); contactLimitedTypePermission.AllowNavigate = true; SecuritySystemMemberPermissionsObject contactMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); contactMemberPermission.Members = "Name"; contactMemberPermission.AllowRead = true; contactLimitedTypePermission.MemberPermissions.Add(contactMemberPermission); contactViewerRole.TypePermissions.Add(contactLimitedTypePermission); } SecuritySystemUser userBill = ObjectSpace.FindObject <SecuritySystemUser>( new BinaryOperator("UserName", "Bill")); if (userBill == null) { userBill = ObjectSpace.CreateObject <SecuritySystemUser>(); userBill.UserName = "******"; userBill.SetPassword(""); userBill.Roles.Add(contactViewerRole); } // Contact objects are created for demo purposes Contact contactMary = ObjectSpace.FindObject <Contact>( new BinaryOperator("Name", "Mary Tellitson")); if (contactMary == null) { contactMary = ObjectSpace.CreateObject <Contact>(); contactMary.Name = "Mary Tellitson"; contactMary.Email = "*****@*****.**"; } Contact contactJohn = ObjectSpace.FindObject <Contact>( new BinaryOperator("Name", "John Nilsen")); if (contactJohn == null) { contactJohn = ObjectSpace.CreateObject <Contact>(); contactJohn.Name = "John Nilsen"; contactJohn.Email = "*****@*****.**"; } ObjectSpace.CommitChanges(); }
private DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole CreateSecurityDemoRole() { DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole securityDemoRole = ObjectSpace.FindObject <DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole>(new BinaryOperator("Name", "Demo")); if (securityDemoRole == null) { securityDemoRole = ObjectSpace.CreateObject <DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole>(); securityDemoRole.Name = "Demo"; // Type Operation Permissions SecuritySystemTypePermissionObject fullAccessPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); fullAccessPermission.TargetType = typeof(FullAccessObject); fullAccessPermission.AllowCreate = true; fullAccessPermission.AllowDelete = true; fullAccessPermission.AllowNavigate = true; fullAccessPermission.AllowRead = true; fullAccessPermission.AllowWrite = true; fullAccessPermission.Save(); securityDemoRole.TypePermissions.Add(fullAccessPermission); SecuritySystemTypePermissionObject protectedContentPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); protectedContentPermission.TargetType = typeof(ProtectedContentObject); protectedContentPermission.AllowNavigate = true; protectedContentPermission.Save(); securityDemoRole.TypePermissions.Add(protectedContentPermission); SecuritySystemTypePermissionObject readOnlyPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); readOnlyPermission.TargetType = typeof(ReadOnlyObject); readOnlyPermission.AllowNavigate = true; readOnlyPermission.AllowRead = true; readOnlyPermission.Save(); securityDemoRole.TypePermissions.Add(readOnlyPermission); SecuritySystemTypePermissionObject irremovablePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); irremovablePermission.TargetType = typeof(IrremovableObject); irremovablePermission.AllowCreate = true; irremovablePermission.AllowNavigate = true; irremovablePermission.AllowRead = true; irremovablePermission.AllowWrite = true; irremovablePermission.Save(); securityDemoRole.TypePermissions.Add(irremovablePermission); SecuritySystemTypePermissionObject uncreatablePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); uncreatablePermission.TargetType = typeof(UncreatableObject); uncreatablePermission.AllowDelete = true; uncreatablePermission.AllowNavigate = true; uncreatablePermission.AllowRead = true; uncreatablePermission.AllowWrite = true; uncreatablePermission.Save(); securityDemoRole.TypePermissions.Add(uncreatablePermission); // Member Operation Permissions SecuritySystemTypePermissionObject navigateMemberLevelOperationObjectPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); navigateMemberLevelOperationObjectPermission.TargetType = typeof(MemberLevelSecurityObject); navigateMemberLevelOperationObjectPermission.AllowCreate = true; navigateMemberLevelOperationObjectPermission.AllowDelete = true; navigateMemberLevelOperationObjectPermission.AllowNavigate = true; navigateMemberLevelOperationObjectPermission.Save(); securityDemoRole.TypePermissions.Add(navigateMemberLevelOperationObjectPermission); SecuritySystemMemberPermissionsObject readWriteMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); //readWriteMemberPermission.TargetType = typeof(MemberLevelSecurityObject); readWriteMemberPermission.Members = "ReadWriteProperty; Name; oid; Oid; OptimisticLockField"; // TODO - Slava D - service fields - XPO responsibility readWriteMemberPermission.AllowRead = true; readWriteMemberPermission.AllowWrite = true; readWriteMemberPermission.Save(); navigateMemberLevelOperationObjectPermission.MemberPermissions.Add(readWriteMemberPermission); //securityDemoRole.TypePermissions.Add(readWriteMemberPermission); SecuritySystemMemberPermissionsObject protectedContentMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); //protectedContentMemberPermission.TargetType = typeof(MemberLevelSecurityObject); protectedContentMemberPermission.Members = "ProtectedContentProperty; ProtectedContentCollection"; protectedContentMemberPermission.Save(); navigateMemberLevelOperationObjectPermission.MemberPermissions.Add(protectedContentMemberPermission); //securityDemoRole.TypePermissions.Add(protectedContentMemberPermission); SecuritySystemMemberPermissionsObject readOnlyMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); //readOnlyMemberPermission.TargetType = typeof(MemberLevelSecurityObject); readOnlyMemberPermission.Members = "ReadOnlyProperty; ReadOnlyCollection"; readOnlyMemberPermission.AllowRead = true; readOnlyMemberPermission.Save(); navigateMemberLevelOperationObjectPermission.MemberPermissions.Add(readOnlyMemberPermission); //securityDemoRole.TypePermissions.Add(readOnlyMemberPermission); SecuritySystemTypePermissionObject memberLevelReferencedObject1Permission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); memberLevelReferencedObject1Permission.TargetType = typeof(MemberLevelReferencedObject1); memberLevelReferencedObject1Permission.AllowRead = true; memberLevelReferencedObject1Permission.AllowWrite = true; memberLevelReferencedObject1Permission.AllowCreate = true; memberLevelReferencedObject1Permission.AllowDelete = true; memberLevelReferencedObject1Permission.Save(); securityDemoRole.TypePermissions.Add(memberLevelReferencedObject1Permission); SecuritySystemTypePermissionObject memberLevelReferencedObject2Permission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); memberLevelReferencedObject2Permission.TargetType = typeof(MemberLevelReferencedObject2); memberLevelReferencedObject2Permission.AllowRead = true; memberLevelReferencedObject2Permission.AllowWrite = true; memberLevelReferencedObject2Permission.AllowCreate = true; memberLevelReferencedObject2Permission.AllowDelete = true; memberLevelReferencedObject2Permission.Save(); securityDemoRole.TypePermissions.Add(memberLevelReferencedObject2Permission); // Object Operation Permissions SecuritySystemTypePermissionObject navigateObjectLevelSecurityObjectPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); navigateObjectLevelSecurityObjectPermission.TargetType = typeof(ObjectLevelSecurityObject); navigateObjectLevelSecurityObjectPermission.AllowNavigate = true; navigateObjectLevelSecurityObjectPermission.Save(); securityDemoRole.TypePermissions.Add(navigateObjectLevelSecurityObjectPermission); SecuritySystemObjectPermissionsObject fullAccessObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); //fullAccessObjectPermission.TargetType = typeof(ObjectLevelSecurityObject); fullAccessObjectPermission.Criteria = "[Name] Like '%Fully Accessible%'"; //fullAccessObjectPermission.AllowCreate = true; fullAccessObjectPermission.AllowDelete = true; fullAccessObjectPermission.AllowNavigate = true; fullAccessObjectPermission.AllowRead = true; fullAccessObjectPermission.AllowWrite = true; fullAccessObjectPermission.Save(); navigateObjectLevelSecurityObjectPermission.ObjectPermissions.Add(fullAccessObjectPermission); //securityDemoRole.TypePermissions.Add(fullAccessObjectPermission); SecuritySystemObjectPermissionsObject protectedContentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); //protectedContentObjectPermission.TargetType = typeof(ObjectLevelSecurityObject); protectedContentObjectPermission.Criteria = "[Name] Like '%Protected%'"; protectedContentObjectPermission.AllowNavigate = true; protectedContentObjectPermission.Save(); navigateObjectLevelSecurityObjectPermission.ObjectPermissions.Add(protectedContentObjectPermission); //securityDemoRole.TypePermissions.Add(protectedContentObjectPermission); SecuritySystemObjectPermissionsObject readOnlyObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); //readOnlyObjectPermission.TargetType = typeof(ObjectLevelSecurityObject); readOnlyObjectPermission.Criteria = "[Name] Like '%Read-Only%'"; readOnlyObjectPermission.AllowNavigate = true; readOnlyObjectPermission.AllowRead = true; readOnlyObjectPermission.Save(); navigateObjectLevelSecurityObjectPermission.ObjectPermissions.Add(readOnlyObjectPermission); //securityDemoRole.TypePermissions.Add(readOnlyObjectPermission); SecuritySystemObjectPermissionsObject irremovableObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); //irremovableObjectPermission.TargetType = typeof(ObjectLevelSecurityObject); irremovableObjectPermission.Criteria = "[Name] Like '%Protected Deletion%'"; //irremovableObjectPermission.AllowCreate = true; irremovableObjectPermission.AllowNavigate = true; irremovableObjectPermission.AllowRead = true; irremovableObjectPermission.AllowWrite = true; irremovableObjectPermission.Save(); navigateObjectLevelSecurityObjectPermission.ObjectPermissions.Add(irremovableObjectPermission); //securityDemoRole.TypePermissions.Add(irremovableObjectPermission); securityDemoRole.Save(); } return(securityDemoRole); }
//Users can access and partially edit data (no create and delete capabilities) from their own department. private SecuritySystemRole GetUserRole() { SecuritySystemRole userRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Users")); if (userRole == null) { userRole = ObjectSpace.CreateObject <SecuritySystemRole>(); userRole.Name = "Users"; SecuritySystemTypePermissionObject userTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); userTypePermission.TargetType = typeof(Employee); userRole.TypePermissions.Add(userTypePermission); SecuritySystemObjectPermissionsObject canViewEmployeesFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); canViewEmployeesFromOwnDepartmentObjectPermission.Criteria = "Department.Employees[Oid = CurrentUserId()]"; //canViewEmployeesFromOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canViewEmployeesFromOwnDepartmentObjectPermission.AllowNavigate = true; canViewEmployeesFromOwnDepartmentObjectPermission.AllowRead = true; userTypePermission.ObjectPermissions.Add(canViewEmployeesFromOwnDepartmentObjectPermission); SecuritySystemMemberPermissionsObject canEditOwnUserMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); canEditOwnUserMemberPermission.Members = "ChangePasswordOnFirstLogon; StoredPassword; FirstName; LastName;"; canEditOwnUserMemberPermission.Criteria = "Oid=CurrentUserId()"; canEditOwnUserMemberPermission.Criteria = (new OperandProperty("Oid") == new FunctionOperator(CurrentUserIdOperator.OperatorName)).ToString(); canEditOwnUserMemberPermission.AllowWrite = true; userTypePermission.MemberPermissions.Add(canEditOwnUserMemberPermission); SecuritySystemMemberPermissionsObject canEditUserAssociationsFromOwnDepartmentMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); canEditUserAssociationsFromOwnDepartmentMemberPermission.Members = "Tasks; Department;"; canEditUserAssociationsFromOwnDepartmentMemberPermission.Criteria = "Department.Employees[Oid = CurrentUserId()]"; //canEditUserAssociationsFromOwnDepartmentMemberPermission.Criteria = new BinaryOperator(new OperandProperty("Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canEditUserAssociationsFromOwnDepartmentMemberPermission.AllowWrite = true; userTypePermission.MemberPermissions.Add(canEditUserAssociationsFromOwnDepartmentMemberPermission); SecuritySystemTypePermissionObject roleTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); roleTypePermission.TargetType = typeof(SecuritySystemRole); roleTypePermission.AllowRead = true; userRole.TypePermissions.Add(roleTypePermission); SecuritySystemTypePermissionObject taskTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); taskTypePermission.TargetType = typeof(EmployeeTask); taskTypePermission.AllowNavigate = true; userRole.TypePermissions.Add(taskTypePermission); SecuritySystemMemberPermissionsObject canEditTaskAssociationsMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); canEditTaskAssociationsMemberPermission.Members = "AssignedTo;"; canEditTaskAssociationsMemberPermission.Criteria = "AssignedTo.Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)"; canEditTaskAssociationsMemberPermission.Criteria = "AssignedTo.Department.Employees[Oid = CurrentUserId()]"; //canEditTaskAssociationsMemberPermission.Criteria = new BinaryOperator(new OperandProperty("AssignedTo.Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canEditTaskAssociationsMemberPermission.AllowWrite = true; taskTypePermission.MemberPermissions.Add(canEditTaskAssociationsMemberPermission); SecuritySystemObjectPermissionsObject canyEditTasksFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); canyEditTasksFromOwnDepartmentObjectPermission.Criteria = "AssignedTo.Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)"; canyEditTasksFromOwnDepartmentObjectPermission.Criteria = "AssignedTo.Department.Employees[Oid = CurrentUserId()]"; //canyEditTasksFromOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("AssignedTo.Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canyEditTasksFromOwnDepartmentObjectPermission.AllowNavigate = true; canyEditTasksFromOwnDepartmentObjectPermission.AllowWrite = true; canyEditTasksFromOwnDepartmentObjectPermission.AllowRead = true; taskTypePermission.ObjectPermissions.Add(canyEditTasksFromOwnDepartmentObjectPermission); SecuritySystemTypePermissionObject departmentTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); departmentTypePermission.TargetType = typeof(Department); userRole.TypePermissions.Add(departmentTypePermission); SecuritySystemObjectPermissionsObject canViewOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); canViewOwnDepartmentObjectPermission.Criteria = "Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)"; canViewOwnDepartmentObjectPermission.Criteria = "Employees[Oid=CurrentUserId()]"; //canViewOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canViewOwnDepartmentObjectPermission.AllowNavigate = true; canViewOwnDepartmentObjectPermission.AllowRead = true; canViewOwnDepartmentObjectPermission.Save(); departmentTypePermission.ObjectPermissions.Add(canViewOwnDepartmentObjectPermission); SecuritySystemMemberPermissionsObject canEditAssociationsMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); canEditAssociationsMemberPermission.Members = "Employees;"; canEditAssociationsMemberPermission.Criteria = "Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)"; canEditAssociationsMemberPermission.Criteria = "Employees[Oid=CurrentUserId()]"; //canEditAssociationsMemberPermission.Criteria = new BinaryOperator(new OperandProperty("Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canEditAssociationsMemberPermission.AllowWrite = true; departmentTypePermission.MemberPermissions.Add(canEditAssociationsMemberPermission); } return(userRole); }