In order to ensure that the applied restrictions work as expected, your application must assign security domains to shapes, diagrams etc. Just set the SecurityDomain property to the desired value A to Z. Here is a couple of rules that can help you in assigning reasonable security domains. They are based on the assumed permission configuration from the previous section.
a)Shapes that are created programmatically must not be modified by users in most cases. You can assign them security domain Z. Due to the fact that no user role has access granted for domain Z, the user will not be able to modify these shapes.
b)All diagrams (which implement ISecurityDomainObject as well) created programmatically could be assigned to security domain D. This way, the user will be able to modify the background - but nothing else.
c)Shapes which the user should be able to move, can be assigned to security domain C.
d)All lines are assigned to security domain B. This way, they can be moved and connected by the operator user.
e)Shapes with templates in the ToolBox keep their default security domain 'A'. It provides nearly full access. Only the visual appearance is locked. Because they are in the toolbox the user must be able to insert and delete them.
f)For internal actions in your program, consider using the methods provided by the appropriate controllers. These methods make sure that the user's permissions are checked before execution:
oDesignController for editing designs and styles
oDiagramSetController actions for working with diagram and shapes
oLayerController for editing layers
oModelController for editing model and model objects
oPropertyController for editing shape and diagram properties
oTemplateController for editing templates
oToolSetController for editing tools