Platform SDK: Active Directory, ADSI, and Directory Services

IADsSecurityDescriptor Property Methods

The property methods of the IADsSecurityDescriptor interface get or set the properties described in the following table. For more information, see Interface Property Methods.

Properties in Vtable Order

Property Description
Revision

[Visual Basic]
Access: Read/Write
Data Type: LONG

[C++]
HRESULT get_Revision
(
[out] LONG *plRevision);


HRESULT put_Revision
(
[in] LONG lRevision);

Revision level of the security descriptor. This value is taken from the Win32 ACL_REVISION_INFORMATION structure. All ACEs in an ACL must be at the same revision level.
Control

[Visual Basic]
Access: Read/Write
Data Type: LONG

[C++]
HRESULT get_Control
([out] LONG *plControl);


HRESULT put_Control
([in] LONG lControl);

Flags that qualify the meaning of the security descriptor. Values are taken from the Win32 SECURITY_DESCRIPTOR_CONTROL structure.
Owner

[Visual Basic]
Access: Read/Write
Data Type: BSTR

[C++]
HRESULT get_Owner
([out] BSTR *pbstrOwnerl);


HRESULT put_Owner
([in] BSTR bstrOwner);

Owner of the object.
OwnerDefaulted

[Visual Basic]
Access: Read/Write
Data Type: VARIANT_BOOL

[C++]
HRESULT get_OwnerDefaulted
([out] VARIANT_BOOL *fOwnerDefaulted);


HRESULT put_OwnerDefaulted
([in] VARIANT_BOOL fOwnerDefaulted);

A flag of the BOOL type to indicate if the owner information is derived from a default mechanism, rather than by the original provider of the security descriptor explicitly.
Group

[Visual Basic]
Access: Read/Write
Data Type: BSTR

[C++]
HRESULT get_Group
(BSTR *pbstrGroupl);


HRESULT put_Group
(BSTR bstrGroup);

Group to which the owner's security ID belongs.
GroupDefaulted

[Visual Basic]
Access: Read/Write
Data Type: VARIANT_BOOL

[C++]
HRESULT get_GroupDefaultedY
([out] VARIANT_BOOL *fGroupDefaulted);


HRESULT put_GroupDefaulted
([out] VARIANT_BOOL fGroupDefaulted);

A flag of the BOOL type to indicate if the group information is derived from a default mechanism, rather than by the original provider of the security descriptor explicitly.
DiscretionaryAcl

[Visual Basic]
Access: Read/Write
Data Type: IDISPATCH

[C++]
HRESULT get_DiscretionaryAcl
([out] IDispatch **ppIDispDACL);


HRESULT put_DiscretionaryAcl
([in] IDispatch *pIDispDACL);

Discretionary access-control list that specifies types of access allowed to the object for specified users and groups.
DaclDefaulted

[Visual Basic]
Access: Read/Write
Data Type: VARIANT_BOOL

[C++]
HRESULT get_DaclDefaulted
([out] VARIANT_BOOL *fDaclDefaulted);


HRESULT put_DaclDefaulted
([out] VARIANT_BOOL fDaclDefaulted);

A flag of the BOOL type to indicate if the DACL is derived from a default mechanism, rather than by the original provider of the security descriptor explicitly. For example, if an object's creator does not specify a DACL, the object receives the default DACL from the creator's access token. This flag can affect how the system treats the DACL, with respect to ACE inheritance. The system ignores this flag if the SE_DACL_PRESENT flag is not set.
SystemAcl

[Visual Basic]
Access: Read/Write
Data Type: IDISPATCH

[C++]
HRESULT get_SystemAcl
([out] IDispatch **ppIDispSACL);


HRESULT put_SystemAcl
([in] IDispatch *pIDispSACL);

System access-control list used to generate audit records for the object.
SaclDefaulted

[Visual Basic]
Access: Read/Write
Data Type: VARIANT_BOOL

[C++]
HRESULT get_SaclDefaulted
([out] VARIANT_BOOL *fSaclDefaulted);


HRESULT put_SaclDefaulted
([out] VARIANT_BOOL fSaclDefaulted);

A flag of the BOOL type to indicate if the SACL is derived from a default mechanism, rather than by the original provider of the security descriptor explicitly. This flag can affect how the system treats the SACL, with respect to ACE inheritance. The system ignores this flag if the SE_SACL_PRESENT flag is not set.

Example Code [Visual Basic]

Dim ou As IADs
Dim sd As IADsSecurityDescriptor
Dim dacl As IADsAccessControlList
Dim sacl As IADsAccessControlList
 
 
Set ou = GetObject("LDAP://OU=Sales,DC=Fabrikam,DC=com")
Set sd = ou.Get("ntSecurityDescriptor")
Debug.Print sd.Owner
Debug.Print sd.Group
Debug.Print sd.Owner
Debug.Print sd.Revision
Set dacl = sd.DiscretionaryAcl
Set sacl = sd.SystemAcl

Example Code [C++]

For C++ code snippet demonstrating how to work the property methods of a security descriptor, see the introductory discussion of the IADsSecurityDescriptor interface.

See Also

IADsAccessControlEntry, IADsAccessControlList