AFSecurity.CheckSecurity Method (PISystem, IList(AFSecurityIdentity), IList(AFSecurityRightsToken), String)
- Last UpdatedNov 18, 2025
- 7 minute read
- PI System
- AF SDK 2024 R2
- Developer
Evaluate the AFSecurityRights for the security identities of a user for a list of
objects without needing to load the object.
Namespace: OSIsoft.AF
Assembly: OSIsoft.AFSDK (in OSIsoft.AFSDK.dll) Version: 3.1.1.1182
Syntax
public static IDictionary<Guid, AFSecurityRights> CheckSecurity( PISystem system, IList<AFSecurityIdentity> userIdentities, IList<AFSecurityRightsToken> tokens, string userName = null )
Public Shared Function CheckSecurity ( system As PISystem, userIdentities As IList(Of AFSecurityIdentity), tokens As IList(Of AFSecurityRightsToken), Optional userName As String = Nothing ) As IDictionary(Of Guid, AFSecurityRights) Dim system As PISystem Dim userIdentities As IList(Of AFSecurityIdentity) Dim tokens As IList(Of AFSecurityRightsToken) Dim userName As String Dim returnValue As IDictionary(Of Guid, AFSecurityRights) returnValue = AFSecurity.CheckSecurity(system, userIdentities, tokens, userName)
public: static IDictionary<Guid, AFSecurityRights>^ CheckSecurity( PISystem^ system, IList<AFSecurityIdentity^>^ userIdentities, IList<AFSecurityRightsToken>^ tokens, String^ userName = nullptr )
static member CheckSecurity : system : PISystem * userIdentities : IList<AFSecurityIdentity> * tokens : IList<AFSecurityRightsToken> * ?userName : string (* Defaults: let _userName = defaultArg userName null *) -> IDictionary<Guid, AFSecurityRights>
Parameters
- system
- Type: OSIsoft.AFPISystem
The PISystem being used to check each object's security. It must be the sever where the object being checked is saved. - userIdentities
- Type: System.Collections.GenericIListAFSecurityIdentity
The list of AFSecurityIdentity identities of the user for the security rights to be checked. - tokens
- Type: System.Collections.GenericIListAFSecurityRightsToken
The list of security rights tokens that should be checked for the specified security identities. - userName (Optional)
- Type: SystemString
The user name for the owner associated with the specified userIdentities to be used when evaluating the owner security identity rights. If , then the owner security identity rights will not be evaluated.
Return Value
Type: IDictionaryGuid, AFSecurityRightsReturns a dictionary of AFSecurityRights with the ObjectId as the key for the specified user for each object represented by the list of security rights tokens. Returns if the tokens parameter is .
Exceptions
| Exception | Condition |
|---|---|
| NotSupportedException | This exception is thrown if the server does not support the SecurityIdentity feature. |
Remarks
This method will evaluate and return the security rights for the object based upon the specified list of security identities. This list can be obtained by calling the GetUserIdentities(PISystem, WindowsIdentity) method and then later check the security permissions at a later time based upon the user's identities. The security rights are evaluated in the client and therefore has better performance if the security identities are already known for the user.
Examples
This example shows how to call CheckSecurity for a single user on a single object
or with a bulk call on several objects.
This example shows how to search for the object's Security Token and make a bulk
call to check security on several objects for the current user.
// Get the Database PISystems myPISystems = new PISystems(); PISystem myPISystem = myPISystems.DefaultPISystem; AFDatabase myDB = myPISystem.Databases.DefaultDatabase; // Create the Elements List<AFElement> elements = new List<AFElement>(); AFElement myElement1 = myDB.Elements.Add("MyElement#1"); myElement1.CheckIn(); elements.Add(myElement1); AFElement myElement2 = myDB.Elements.Add("MyElement#2"); myElement2.CheckIn(); elements.Add(myElement2); // Obtain the WindowsIdentity of an impersonated user. This // can be done with the following code if the current thread // has impersonated a user. // WindowsIdentity user = WindowsIdentity.GetCurrent(); // Obtain the WindowsIdentity of a different domain user. This // can be done with the following code. // WindowsIdentity user = new WindowsIdentity("username@domain"); string userName = @"domain\username"; IList<AFSecurityIdentity> userIdentities; using (WindowsIdentity user = windowsIdentityOfADifferentUser) { // Get Security Identities of a Different User userName = user.Name; userIdentities = AFSecurity.GetUserIdentities(myPISystem, user); } // Check Security Rights of a Different User AFSecurity security1 = myElement1.Security; AFSecurityRights rights = security1.CheckSecurity(userIdentities, userName); Console.WriteLine("SecurityRights for '{0}': '{1}'", myElement1.Name, rights); Console.WriteLine(" CanRead={0}", rights.CanRead()); Console.WriteLine(" CanWrite={0}", rights.CanWrite()); Console.WriteLine(); // Check Security Rights of a Different User in Bulk List<AFSecurityRightsToken> tokens = new List<AFSecurityRightsToken>(); tokens.Add(security1.Token); tokens.Add(myElement2.Security.Token); IDictionary<Guid, AFSecurityRights> rightsDict = AFSecurity.CheckSecurity(myPISystem, userIdentities, tokens, userName); int notFoundCount = 0; foreach (AFElement element in elements) { if (rightsDict.TryGetValue(element.ID, out rights)) { Console.WriteLine("SecurityRights for '{0}': '{1}'", element.Name, rights); Console.WriteLine(" CanRead={0}", rights.CanRead()); Console.WriteLine(" CanWrite={0}", rights.CanWrite()); Console.WriteLine(); } else { notFoundCount++; } }
' Get the Database Dim myPISystems As New PISystems Dim myPISystem As PISystem = myPISystems.DefaultPISystem Dim myDB As AFDatabase = myPISystem.Databases.DefaultDatabase ' Create the Elements Dim elements As New List(Of AFElement)() Dim myElement1 As AFElement = myDB.Elements.Add("MyElement#1") myElement1.CheckIn() elements.Add(myElement1) Dim myElement2 As AFElement = myDB.Elements.Add("MyElement#2") myElement2.CheckIn() elements.Add(myElement2) ' Obtain the WindowsIdentity of an impersonated user. This ' can be done with the following code if the current thread ' has impersonated a user. ' Dim user As WindowsIdentity = WindowsIdentity.GetCurrent() ' Obtain the WindowsIdentity of a different domain user. This ' can be done with the following code. ' Dim user As WindowsIdentity = New WindowsIdentity("username@domain") Dim userName As String = "domain\username" Dim userIdentities As IList(Of AFSecurityIdentity) Using user As WindowsIdentity = windowsIdentityOfADifferentUser ' Get Security Identities of a Different User userName = user.Name userIdentities = AFSecurity.GetUserIdentities(myPISystem, user) End Using ' Check Security Rights of a Different User Dim security1 As AFSecurity = myElement1.Security Dim rights As AFSecurityRights = security1.CheckSecurity(userIdentities, userName) Console.WriteLine("SecurityRights for '{0}': '{1}'", myElement1.Name, rights) Console.WriteLine(" CanRead={0}", rights.CanRead()) Console.WriteLine(" CanWrite={0}", rights.CanWrite()) Console.WriteLine() ' Check Security Rights of a Different User in Bulk Dim tokens As New List(Of AFSecurityRightsToken)() tokens.Add(security1.Token) tokens.Add(myElement2.Security.Token) Dim rightsDict As IDictionary(Of Guid, AFSecurityRights) = AFSecurity.CheckSecurity(myPISystem, userIdentities, tokens, userName) Dim notFoundCount As Integer = 0 For Each element As AFElement In elements If rightsDict.TryGetValue(element.ID, rights) Then Console.WriteLine("SecurityRights for '{0}': '{1}'", element.Name, rights) Console.WriteLine(" CanRead={0}", rights.CanRead()) Console.WriteLine(" CanWrite={0}", rights.CanWrite()) Console.WriteLine() Else notFoundCount += 1 End If Next
No code example is currently available or this language may not be supported.
No code example is currently available or this language may not be supported.
// Get the Database PISystems myPISystems = new PISystems(); PISystem myPISystem = myPISystems.DefaultPISystem; if (myPISystem == null) throw new InvalidOperationException("Default PISystem was not found."); AFDatabase myDB = myPISystem.Databases[dbName]; if (myDB == null) throw new InvalidOperationException("Database was not found."); // Create a search to find all the event frames created from the 'Event' // template and its 'Level' attribute value is less than 90. int count; using (var search = new AFEventFrameSearch(myDB, "FindEventFields", @"Template:'Event' |Level:<90.0")) { search.CacheTimeout = TimeSpan.FromMinutes(10); // Do the search // // Return event frame security tokens as list and check security for current user. count = 0; var foundItems4 = search.FindObjectFields("SecurityToken", i => (AFSecurityRightsToken)i[0]); Console.WriteLine("Find Object SecurityTokens and Check Security:"); foreach (var tokenList in foundItems4.ChunkedBy(500)) { // Check Security using Windows Identity. var rights = AFSecurity.CheckSecurity(myPISystem, WindowsIdentity.GetCurrent(), tokenList); foreach (var rightsItem in rights) { Console.WriteLine($" Security Rights for '{myPISystem.CurrentUserName}': {rightsItem.Key} = {rightsItem.Value}"); } // Check Security using Identities. rights = AFSecurity.CheckSecurity(myPISystem, myPISystem.CurrentUserIdentities, tokenList, myPISystem.CurrentUserName); foreach (var rightsItem in rights) { Console.WriteLine($" Security Rights for '{myPISystem.CurrentUserIdentityString}': {rightsItem.Key} = {rightsItem.Value}"); } count += tokenList.Count; } Console.WriteLine("Found {0} EventFrames.", count); }
' Get the Database Dim myPISystems As New PISystems() Dim myPISystem As PISystem = myPISystems.DefaultPISystem If myPISystem Is Nothing Then Throw New InvalidOperationException("Default PISystem was not found.") End If Dim myDB As AFDatabase = myPISystem.Databases(dbName) If myDB Is Nothing Then Throw New InvalidOperationException("Database was not found.") End If ' Create a search to find all the event frames created from the 'Event' ' template and its 'Level' attribute value is less than 90. Dim count As Integer Using search As New AFEventFrameSearch(myDB, "FindEventFields", "Template:'Event' |Level:<90.0") search.CacheTimeout = TimeSpan.FromMinutes(10) ' Do the search ' Return event frame security tokens as list and check security for current user. count = 0 Dim foundItems4 = search.FindObjectFields("SecurityToken", Function(i) CType(i(0), AFSecurityRightsToken)) Console.WriteLine("Find Object SecurityTokens and Check Security:") For Each tokenList In foundItems4.ChunkedBy(500) ' Check Security using Windows Identity. Dim rights = AFSecurity.CheckSecurity(myPISystem, WindowsIdentity.GetCurrent, tokenList) For Each rightsItem In rights Console.WriteLine($" Security Rights for '{myPISystem.CurrentUserName}': {rightsItem.Key} = {rightsItem.Value}") Next ' Check Security using Identities. rights = AFSecurity.CheckSecurity(myPISystem, myPISystem.CurrentUserIdentities, tokenList, myPISystem.CurrentUserName) For Each rightsItem In rights Console.WriteLine($" Security Rights for '{myPISystem.CurrentUserIdentityString}': {rightsItem.Key} = {rightsItem.Value}") Next count = (count + tokenList.Count) Next Console.WriteLine("Found {0} EventFrames.", count) End Using
No code example is currently available or this language may not be supported.
No code example is currently available or this language may not be supported.