Setting a Security Level for Access Checks

Once access checks are enabled, you must select the level at which you wish to have access checks performed:

• Perform access checks only at the process level — Indicates that users in roles that are assigned to the application will be added to the process security descriptor (ACL). This has several effects and implications:

  Fine-grained role checking is turned off at the component, method, and interface levels. Security checks are performed only at the application level.

  The security property is not included on the context for any objects running within the application. This can potentially affect how objects are activated. See Security Context Property.

  The security call context will not be made available. Programmatic security that relies on security call context information will not function. See Security Call Context Information.

• Perform access checks at the process and component level — Indicates that process-level security descriptor checks, as well as full role-based security checks, will be performed. This has several effects and implications:

  To enable role checking for particular components, you must enable access checks at the component level.

  The security property is included on the context for any objects running within the application. This can potentially affect how objects are activated. See Security Context Property.

  The security call context is available. Programmatic role-based security is enabled. See Security Call Context Information.

  Note  For COM+ library applications, you must choose to check at both process and component levels for any meaningful access checking to work. Library applications rely on the host process for process-level security. You can determine how the library application interacts with authentication performed by the host process by setting authentication. For more information, see Securing Library Applications.

To select a security level

1. In the console tree of the Component Services administrative tool, right-click the COM+ application for which you want to enable access checks, and then click Properties.
2. In the application properties dialog box, click the Security tab.
3. Select either Perform access checks only at the process level or Perform access checks at the process and component level.
4. Click OK.

The next time the application is started, security will automatically be checked at the specified level. Only users assigned to roles assigned to the application will be given access to the application.