| Platform SDK: Active Directory, ADSI, and Directory Services |
The following code fragment contains a function that creates an access-control entry (ACE) granting the specified trustee read access to all properties of the object:
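//Create an ACE that assigns read property rights to all properties on the object.
//This ACE is not inherited, that is, it applies only to the current object.
//
//Parameters:
//  szTrustee - trustee the ACE is granted to. Must not be NULL.
//  ppDispACE - receives the IDispatch pointer of the new ACE, for passing to the
//              AddAce method. The caller owns this reference and must Release it.
//              Set to NULL whenever the function fails.
//
//Returns a success HRESULT only when every property was set and the IDispatch
//pointer was obtained; otherwise returns the first failure code. A partially
//configured ACE is never handed back, so a failed setter cannot end up as an
//entry with an unintended mask, type, or trustee on a security descriptor.
HRESULT CreateAceEffectiveReadAllProperties(
    LPOLESTR szTrustee,
    IDispatch **ppDispACE)
{
    if (!ppDispACE)
    {
        return E_POINTER;
    }
    //Start from a known state so that callers never see a stale pointer on failure.
    *ppDispACE = NULL;

    if (!szTrustee)
    {
        return E_INVALIDARG;
    }

    IADsAccessControlEntry *pACE = NULL;

    //Create the COM object for the new ACE.
    HRESULT hr = CoCreateInstance(
        CLSID_AccessControlEntry,
        NULL,
        CLSCTX_INPROC_SERVER,
        IID_IADsAccessControlEntry,
        (void **)&pACE
        );
    if (FAILED(hr))
    {
        return hr;
    }

    //Set the properties of the new ACE. Each step runs only if the previous one
    //succeeded, so the first failure is the HRESULT that is returned.

    //Set the access mask containing the rights to assign.
    //This function assigns read property rights.
    hr = pACE->put_AccessMask(ADS_RIGHT_DS_READ_PROP);

    //Set the trustee.
    //NOTE(review): put_Trustee is declared with a BSTR parameter and szTrustee is an
    //LPOLESTR; confirm that callers pass a string allocated as a BSTR.
    if (SUCCEEDED(hr))
    {
        hr = pACE->put_Trustee(szTrustee);
    }

    //Set AceType.
    if (SUCCEEDED(hr))
    {
        hr = pACE->put_AceType(ADS_ACETYPE_ACCESS_ALLOWED);
    }

    //For this function, set AceFlags so that ACE is not inherited by child objects.
    //You can set AceFlags to 0 or let it default to 0 by not calling put_AceFlags.
    if (SUCCEEDED(hr))
    {
        hr = pACE->put_AceFlags(0);
    }

    //For this function, set ObjectType to NULL because the right applies to all properties
    //and set Flags to 0. You can also not call these two methods and let them default to NULL.
    if (SUCCEEDED(hr))
    {
        hr = pACE->put_ObjectType(NULL);
    }
    if (SUCCEEDED(hr))
    {
        hr = pACE->put_Flags(0);
    }

    //Is not inherited, so set object type to NULL or let it default to NULL by not calling the method.
    if (SUCCEEDED(hr))
    {
        hr = pACE->put_InheritedObjectType(NULL);
    }

    //Need to QI for IDispatch pointer to pass to the AddAce method.
    if (SUCCEEDED(hr))
    {
        hr = pACE->QueryInterface(IID_IDispatch, (void **)ppDispACE);
    }

    //Drop the reference obtained from CoCreateInstance. On success the caller
    //still holds the reference returned through ppDispACE.
    pACE->Release();

    return hr;
}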