1.  Open SQL Server Management Studio.
  2. Connect using Windows authentication to the local database.
  3. Right-click the EdFi_Security database and open a New Query window.

  4. Copy the following SQL statements into the query window.

    1. --Assign 'CREATE' action on Resource 'AcademicSubjectDescriptor' to ClaimSet 'SIS Vendor'
      --Add a Resource and Action to a Claim Set
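      USE EdFi_Security
      GO

      -- Grants one action on one resource to one claim set by adding a single
      -- row to ClaimSetResourceClaims. The three names below are resolved to
      -- ids first; the row is inserted only when all three resolve and the same
      -- grant is not already present.
      -- NOTE(review): presumably every API client that uses this claim set
      -- gains the action on this resource -- confirm the claim set name and the
      -- intended scope before running.
      DECLARE @actionName nvarchar(255)
      DECLARE @claimSetName nvarchar(255)
      DECLARE @resourceName nvarchar(255)

      SET @actionName = 'create'
      SET @claimSetName = 'SIS Vendor'
      SET @resourceName = 'academicSubjectDescriptor'

      DECLARE @actionId int
      DECLARE @claimSetId int
      DECLARE @resourceClaimId int

      -- Each lookup leaves its variable NULL when the name matches no row.
      SELECT @actionId = ActionId FROM Actions WHERE ActionName = @actionName
      SELECT @claimSetId = ClaimSetId FROM ClaimSets WHERE ClaimSetName = @claimSetName
      SELECT @resourceClaimId = ResourceClaimId FROM ResourceClaims WHERE ResourceName = @resourceName

      IF @actionId IS NULL OR @claimSetId IS NULL OR @resourceClaimId IS NULL
      BEGIN
          -- A mistyped name would otherwise reach the INSERT as a NULL id.
          -- Severity 16 reports the error without ending the batch, so any
          -- statements that follow in the same batch still run.
          IF @actionId IS NULL
              RAISERROR('Action ''%s'' was not found in Actions.', 16, 1, @actionName)
          IF @claimSetId IS NULL
              RAISERROR('Claim set ''%s'' was not found in ClaimSets.', 16, 1, @claimSetName)
          IF @resourceClaimId IS NULL
              RAISERROR('Resource ''%s'' was not found in ResourceClaims.', 16, 1, @resourceName)
      END
      ELSE IF EXISTS (
          SELECT 1
          FROM ClaimSetResourceClaims
          WHERE Action_ActionId = @actionId
            AND ClaimSet_ClaimSetId = @claimSetId
            AND ResourceClaim_ResourceClaimId = @resourceClaimId
      )
      BEGIN
          -- Re-running the script must not stack duplicate grants.
          PRINT 'Grant already present in ClaimSetResourceClaims; nothing inserted.'
      END
      ELSE
      BEGIN
          INSERT INTO ClaimSetResourceClaims
          (Action_ActionId, ClaimSet_ClaimSetId, ResourceClaim_ResourceClaimId)
          VALUES
          (@actionId, @claimSetId, @resourceClaimId)
      END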

      -- Full listings of the claim sets, actions and resource claims.
      SELECT * FROM ClaimSets

      SELECT * FROM Actions

      SELECT * FROM ResourceClaims

      -- Resource claims whose name contains 'academicsubject'.
      SELECT *
      FROM ResourceClaims
      WHERE ResourceName LIKE '%academicsubject%'

      -- Claim-set grants that point at resource claims whose name contains
      -- 'academicsubjectDesc'.
      SELECT csrc.*
      FROM ClaimSetResourceClaims AS csrc
      INNER JOIN ResourceClaims AS rc
          ON rc.ResourceClaimId = csrc.ResourceClaim_ResourceClaimId
      WHERE rc.ResourceName LIKE '%academicsubjectDesc%'


      --------------------------------------------------------------------------------------------------------------------------------------

      --Add a Resource and Action to an Authorization Strategy
      --Assign 'CREATE' action to Resource 'AcademicSubjectDescriptor' for the authorization strategy 'ManagedResource'
      --The authorization strategy is 'NameSpace Based' for CREATE but we are changing it to ManagedResource for CREATE action
      --NOTE: the script below sets @authorizationStrategyName to 'RelationshipsWithEdOrgsOnly', which is also the strategy the final graph check expects; use one strategy name consistently.
      --ResourceClaimAuthorizationMetadatas table is the metadata table that links ResourceClaim + Action + AuthorizationStrategy

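      USE EdFi_Security
      GO

      -- Links one action on one resource to one authorization strategy by
      -- adding a single row to ResourceClaimAuthorizationMetadatas. The three
      -- names below are resolved to ids first; the row is inserted only when
      -- all three resolve and the same link is not already present.
      -- NOTE(review): this batch only inserts. If a row with a different
      -- strategy already exists for the same action and resource, it is left
      -- in place; whether that row must be updated or removed for the change
      -- to take effect is not shown here -- confirm with the focused query at
      -- the end of the batch.
      DECLARE @actionName nvarchar(255)
      DECLARE @authorizationStrategyName nvarchar(255)
      DECLARE @resourceName nvarchar(255)

      SET @actionName = 'create'
      SET @authorizationStrategyName = 'RelationshipsWithEdOrgsOnly'
      SET @resourceName = 'academicSubjectDescriptor'

      DECLARE @actionId int
      DECLARE @authorizationStrategyId int
      DECLARE @resourceClaimId int

      -- Each lookup leaves its variable NULL when the name matches no row.
      SELECT @actionId = ActionId FROM Actions WHERE ActionName = @actionName

      SELECT @authorizationStrategyId = AuthorizationStrategyId
      FROM AuthorizationStrategies
      WHERE AuthorizationStrategyName = @authorizationStrategyName

      SELECT @resourceClaimId = ResourceClaimId
      FROM ResourceClaims
      WHERE ResourceName = @resourceName

      IF @actionId IS NULL OR @authorizationStrategyId IS NULL OR @resourceClaimId IS NULL
      BEGIN
          -- A mistyped name would otherwise reach the INSERT as a NULL id.
          -- Severity 16 reports the error without ending the batch, so the
          -- verification queries below still run.
          IF @actionId IS NULL
              RAISERROR('Action ''%s'' was not found in Actions.', 16, 1, @actionName)
          IF @authorizationStrategyId IS NULL
              RAISERROR('Authorization strategy ''%s'' was not found in AuthorizationStrategies.', 16, 1, @authorizationStrategyName)
          IF @resourceClaimId IS NULL
              RAISERROR('Resource ''%s'' was not found in ResourceClaims.', 16, 1, @resourceName)
      END
      ELSE IF EXISTS (
          SELECT 1
          FROM ResourceClaimAuthorizationMetadatas
          WHERE Action_ActionId = @actionId
            AND AuthorizationStrategy_AuthorizationStrategyId = @authorizationStrategyId
            AND ResourceClaim_ResourceClaimId = @resourceClaimId
      )
      BEGIN
          -- Re-running the script must not stack duplicate rows.
          PRINT 'Row already present in ResourceClaimAuthorizationMetadatas; nothing inserted.'
      END
      ELSE
      BEGIN
          INSERT INTO ResourceClaimAuthorizationMetadatas
          (Action_ActionId, AuthorizationStrategy_AuthorizationStrategyId, ResourceClaim_ResourceClaimId)
          VALUES
          (@actionId, @authorizationStrategyId, @resourceClaimId)
      END


      -- Full listing of the metadata table.
      SELECT * FROM ResourceClaimAuthorizationMetadatas

      -- Strategies attached to this action/resource pair after the insert;
      -- more than one row means an earlier strategy is still linked.
      SELECT s.AuthorizationStrategyName, m.*
      FROM ResourceClaimAuthorizationMetadatas AS m
      INNER JOIN AuthorizationStrategies AS s
          ON s.AuthorizationStrategyId = m.AuthorizationStrategy_AuthorizationStrategyId
      WHERE m.Action_ActionId = @actionId
        AND m.ResourceClaim_ResourceClaimId = @resourceClaimId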
      ------------------------------------------------------------------------------------------------------------------------------------------
      5.  Rebuild the GenerateSecurityGraphs solution in Visual Studio.

      Run GenerateSecurityGraphs.exe located in C:\src\EFA\Ed-Fi-ODS\Utilities\GenerateSecurityGraphs\GenerateSecurityGraphs\bin\Debug
      GenerateSecurityGraphs.exe -o "C:\graphs" -f

    2. Open command prompt and navigate to location C:\src\EFA\Ed-Fi-ODS\Utilities\GenerateSecurityGraphs\GenerateSecurityGraphs\bin\Debug.


  5.   Open the systemDescriptor.svg file; you will see that CREATE is applied to AcademicSubjectDescriptor with an AuthorizationStrategy of RelationshipsWithEdOrgsOnly.