Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AF SDK Reference

AFSecurity.CheckSecurity Method (IList(AFSecurityIdentity), String)

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
TABLE OF CONTENTS

AFSecurity.CheckSecurity Method (IList(AFSecurityIdentity), String)

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedJan 12, 2026
  • 5 minute read
AFSecurity.CheckSecurity Method (IList(AFSecurityIdentity), String)
Evaluate the AFSecurityRights for the specified list of security identities for a user.

Namespace:  OSIsoft.AF
Assembly:  OSIsoft.AFSDK (in OSIsoft.AFSDK.dll) Version: 3.2.0.7

Syntax

public AFSecurityRights CheckSecurity(
	IList<AFSecurityIdentity> userIdentities,
	string userName = null
)
Public Function CheckSecurity ( 
	userIdentities As IList(Of AFSecurityIdentity),
	Optional userName As String = Nothing
) As AFSecurityRights

Dim instance As AFSecurity
Dim userIdentities As IList(Of AFSecurityIdentity)
Dim userName As String
Dim returnValue As AFSecurityRights

returnValue = instance.CheckSecurity(userIdentities, 
	userName)
public:
AFSecurityRights CheckSecurity(
	IList<AFSecurityIdentity^>^ userIdentities, 
	String^ userName = nullptr
)
member CheckSecurity : 
        userIdentities : IList<AFSecurityIdentity> * 
        ?userName : string 
(* Defaults:
        let _userName = defaultArg userName null
*)
-> AFSecurityRights

Parameters

userIdentities
Type: System.Collections.GenericIListAFSecurityIdentity
The list of AFSecurityIdentity identities of the user for the security rights to be checked.
userName (Optional)
Type: SystemString
The user name for the owner associated with the specified userIdentities to be used when evaluating the owner security identity rights. If , then the owner security identity rights will not be evaluated.

Return Value

Type: AFSecurityRights
Returns the AFSecurityRights corresponding to the specified list of security identities for a user.

Exceptions

ExceptionCondition
NotSupportedException This exception is thrown if the server does not support the SecurityIdentity feature.

Remarks

This method will evaluate and return the security rights for the object based upon the specified list of security identities. This list can be obtained by calling the GetUserIdentities(PISystem, WindowsIdentity) method and then later check the security permissions at a later time based upon the user's identities. The security rights are evaluated in the client and therefore has better performance if the security identities are already known for the user.

Examples

This example shows how to call CheckSecurity for a single user on a single object or with a bulk call on several objects. 
// Get the Database
PISystems myPISystems = new PISystems();
PISystem myPISystem = myPISystems.DefaultPISystem;
AFDatabase myDB = myPISystem.Databases.DefaultDatabase;

// Create the Elements
List<AFElement> elements = new List<AFElement>();
AFElement myElement1 = myDB.Elements.Add("MyElement#1");
myElement1.CheckIn();
elements.Add(myElement1);
AFElement myElement2 = myDB.Elements.Add("MyElement#2");
myElement2.CheckIn();
elements.Add(myElement2);

// Obtain the WindowsIdentity of an impersonated user. This
//   can be done with the following code if the current thread
//   has impersonated a user.
//  WindowsIdentity user = WindowsIdentity.GetCurrent();
// Obtain the WindowsIdentity of a different domain user. This
//   can be done with the following code.
//  WindowsIdentity user = new WindowsIdentity("username@domain");
string userName = @"domain\username";
IList<AFSecurityIdentity> userIdentities;
using (WindowsIdentity user = windowsIdentityOfADifferentUser)
{
    // Get Security Identities of a Different User
    userName = user.Name;
    userIdentities = AFSecurity.GetUserIdentities(myPISystem, user);
}

// Check Security Rights of a Different User
AFSecurity security1 = myElement1.Security;
AFSecurityRights rights = security1.CheckSecurity(userIdentities, userName);
Console.WriteLine("SecurityRights for '{0}': '{1}'", myElement1.Name, rights);
Console.WriteLine("    CanRead={0}", rights.CanRead());
Console.WriteLine("    CanWrite={0}", rights.CanWrite());
Console.WriteLine();

// Check Security Rights of a Different User in Bulk
List<AFSecurityRightsToken> tokens = new List<AFSecurityRightsToken>();
tokens.Add(security1.Token);
tokens.Add(myElement2.Security.Token);
IDictionary<Guid, AFSecurityRights> rightsDict =
    AFSecurity.CheckSecurity(myPISystem, userIdentities, tokens, userName);
int notFoundCount = 0;
foreach (AFElement element in elements)
{
    if (rightsDict.TryGetValue(element.ID, out rights))
    {
        Console.WriteLine("SecurityRights for '{0}': '{1}'", element.Name, rights);
        Console.WriteLine("    CanRead={0}", rights.CanRead());
        Console.WriteLine("    CanWrite={0}", rights.CanWrite());
        Console.WriteLine();
    }
    else
    {
        notFoundCount++;
    }
}
This example shows how to search for the object's Security Token and make a bulk call to check security on several objects for the current user. 
// Get the Database
PISystems myPISystems = new PISystems();
PISystem myPISystem = myPISystems.DefaultPISystem;
if (myPISystem == null)
    throw new InvalidOperationException("Default PISystem was not found.");
AFDatabase myDB = myPISystem.Databases[dbName];
if (myDB == null)
    throw new InvalidOperationException("Database was not found.");

// Create a search to find all the event frames created from the 'Event'
// template and its 'Level' attribute value is less than 90.
int count;
using (var search = new AFEventFrameSearch(myDB, "FindEventFields", @"Template:'Event' |Level:<90.0"))
{
    search.CacheTimeout = TimeSpan.FromMinutes(10);

    // Do the search
    // 
    // Return event frame security tokens as list and check security for current user.
    count = 0;
    var foundItems4 = search.FindObjectFields("SecurityToken", i => (AFSecurityRightsToken)i[0]);
    Console.WriteLine("Find Object SecurityTokens and Check Security:");
    foreach (var tokenList in foundItems4.ChunkedBy(500))
    {
        // Check Security using Windows Identity.
        var rights = AFSecurity.CheckSecurity(myPISystem, WindowsIdentity.GetCurrent(), tokenList);
        foreach (var rightsItem in rights)
        {
            Console.WriteLine($"  Security Rights for '{myPISystem.CurrentUserName}': {rightsItem.Key} = {rightsItem.Value}");
        }

        // Check Security using Identities.
        rights = AFSecurity.CheckSecurity(myPISystem, myPISystem.CurrentUserIdentities, tokenList, myPISystem.CurrentUserName);
        foreach (var rightsItem in rights)
        {
            Console.WriteLine($"  Security Rights for '{myPISystem.CurrentUserIdentityString}': {rightsItem.Key} = {rightsItem.Value}");
        }
        count += tokenList.Count;
    }
    Console.WriteLine("Found {0} EventFrames.", count);
}

Version Information

AFSDK

Supported in: 3.1.1, 3.1.0, 3.0.2, 3.0.1, 3.0.0, 2.10.11, 2.10.5, 2.10.0, 2.10, 2.9.5, 2.9

See Also

In This Topic
TitleResults for “How to create a CRG?”Also Available in