AMO Security Classes
This topic contains the following sections:
The following illustration shows the relationship of the classes that are explained in this topic.
A Role object is created by adding it to the roles collection of the database, and updating the Role object to the server by using the Update method. A Role object has to be updated before it can be used.
To remove a Role object, it has to be dropped by using the Drop method of the Role object. The Remove method, from the roles collection, only prevents you from seeing the role in your application, but it does not remove the role from the server. A Role object cannot be dropped if there are any permissions associated with it.
A RoleMember object is created by adding a user to the members collection of the role and updating the Role object to the server by using the Update method. Only Server Administrators or Database Administrators are permitted to create roles. A Role object has to be updated to the server before any of its members is allowed to use any the objects to which the user has been granted permission.
To remove a RoleMember object, it has to be removed from the collection by using the Remove method of the collection, and then updating the role by using the Update method.
To remove a Permission object, it has to be dropped by using the Drop method of the object. The remove method, from the permissions collection, only prevents you from seeing the permission in your application, but it does not remove the Permission object from the server. A role cannot be deleted if there is any permission associated with it.