Platform SDK: Active Directory, ADSI, and Directory Services

IADsAccessControlEntry

The IADsAccessControlEntry interface enables directory clients to access and manipulate individual access-control entries (ACEs) of the owning object. An ACE stipulates who can access the object and what type of access will be granted. It also specifies whether the access control settings can be propagated from the object to any of its children. An ACE exposes a set of properties through this interface to provide such services.

An object can have a number of ACEs, one for each client or a group of clients. ACEs are maintained in an access-control list (ACL) which implements the IADsAccessControlList interface. This means that a client needs to go through an ACL in order to access ACEs. To access the ACL, one must obtain the object's security descriptor that implements the IADsSecurityDescriptor interface. The general procedure to manage access controls over an ADSI object involves the following steps:

  1. Obtain the security descriptor of the object of interest.
  2. Retrieve an ACL from the security descriptor.
  3. Work with ACEs in the ACL.

To make any new or modified ACEs persistent:

  1. Add the ACEs to the ACL.
  2. Assign the ACL to the security descriptor.
  3. Commit the security descriptor to the directory store.
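
Both procedures above, as an added VBScript example that is not part of the original SDK page: it lists every ACE in an object's discretionary ACL through the IADsAccessControlEntry properties, then adds one read-only allow ACE and commits it. The ADsPath and trustee are constructed placeholders; run it with cscript.exe under an account allowed to modify the object's security descriptor.

```vbscript
Option Explicit

' Constant values as defined by the ADS_*_ENUM enumerations in Iads.h.
Const ADS_RIGHT_DS_READ_PROP       = &H10  ' read properties only
Const ADS_ACETYPE_ACCESS_ALLOWED   = 0
Const ADS_ACEFLAG_INHERIT_ACE      = &H2   ' child objects inherit this ACE
Const ADS_ACEFLAG_INHERITED_ACE    = &H10  ' ACE was inherited from a parent
Const ADS_FLAG_OBJECT_TYPE_PRESENT = &H1   ' ObjectType holds a GUID

' Constructed placeholders: substitute an object and trustee from your directory.
Const TARGET_PATH = "LDAP://OU=Sales,DC=example,DC=com"
Const NEW_TRUSTEE = "EXAMPLE\HelpDesk"

Dim obj, sd, dacl, ace, newAce, line, found

Set obj = GetObject(TARGET_PATH)
Set sd = obj.Get("ntSecurityDescriptor")   ' 1. obtain the security descriptor
Set dacl = sd.DiscretionaryAcl             ' 2. retrieve the ACL from it

found = False
For Each ace In dacl                       ' 3. work with the ACEs
    line = ace.Trustee & "  type=" & ace.AceType & _
           "  mask=0x" & Hex(ace.AccessMask) & "  aceFlags=0x" & Hex(ace.AceFlags)
    If (ace.Flags And ADS_FLAG_OBJECT_TYPE_PRESENT) <> 0 Then
        line = line & "  objectType=" & ace.ObjectType
    End If
    If (ace.AceFlags And ADS_ACEFLAG_INHERITED_ACE) <> 0 Then
        line = line & "  (inherited)"
    End If
    WScript.Echo line
    ' Avoid stacking a duplicate entry if the script is run twice.
    If StrComp(ace.Trustee, NEW_TRUSTEE, vbTextCompare) = 0 _
       And ace.AceType = ADS_ACETYPE_ACCESS_ALLOWED _
       And ace.AccessMask = ADS_RIGHT_DS_READ_PROP Then found = True
Next

If Not found Then
    Set newAce = CreateObject("AccessControlEntry")
    newAce.Trustee = NEW_TRUSTEE
    newAce.AccessMask = ADS_RIGHT_DS_READ_PROP
    newAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED
    newAce.AceFlags = ADS_ACEFLAG_INHERIT_ACE

    dacl.AddAce newAce                         ' 1. add the ACE to the ACL
    sd.DiscretionaryAcl = dacl                 ' 2. assign the ACL to the descriptor
    obj.Put "ntSecurityDescriptor", Array(sd)  ' 3. commit to the directory store
    obj.SetInfo
    WScript.Echo "Added read-only ACE for " & NEW_TRUSTEE
End If
```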

The IADsAccessControlEntry interface is a dual interface and exposes the following property methods.

Methods in Vtable Order

IUnknown methods       Description
QueryInterface         Returns pointers to supported interfaces.
AddRef                 Increments reference count.
Release                Decrements reference count.

IDispatch methods      Description
GetTypeInfoCount       Gets the number of type descriptions.
GetTypeInfo            Gets a description of object's programmable interface.
GetIDsOfNames          Maps name of method or property to DISPID.
Invoke                 Calls one of the object's methods, or gets/sets one of its properties.

IADsAccessControlEntry property methods   Description
get/put_AccessMask                        Gets/sets the access mask for an ACE.
get/put_AceType                           Gets/sets the ACE type.
get/put_AceFlags                          Gets/sets ACE flag values.
get/put_Flags                             Gets/sets flag values.
get/put_ObjectType                        Gets/sets the object type.
get/put_InheritedObjectType               Gets/sets the inherited object type.
get/put_Trustee                           Gets/sets the trustee.

Requirements

  Windows NT/2000: Requires Windows 2000 (or Windows NT 4.0 with DSClient).
  Windows 95/98: Requires Windows 95 or later (with DSClient).
  Header: Declared in Iads.h.

See Also

IADsAccessControlList, IADsSecurityDescriptor