MDAC 2.5 SDK - Technical Articles
In COM security, IAccessControl is usually implemented on the object whose access control is being governed. This does not work for OLE DB interfaces. Access control in OLE DB is applied to elements such as tables, columns, and procedures, which are not actual COM objects. OLE DB uses a new interface, IObjectAccessControl, which supports applying security to objects that are not COM objects. The IObjectAccessControl interface is generic enough that it can be applied to other types of security scenarios.
IAccessControl uses an ACTRL_ACCESS structure to represent the access being set or retrieved. In contrast, IObjectAccessControl uses the EXPLICIT_ACCESS structure defined by the Platform SDK security system because it is simpler and provides all the necessary functionality.
The following table shows how IAccessControl methods relate to IObjectAccessControl methods.
IAccessControl (COM) | IObjectAccessControl (OLE DB) |
GrantAccessRights | SetObjectAccessRights with grfAccessMode = GRANT_ACCESS |
SetAccessRights | SetObjectAccessRights with grfAccessMode = SET_ACCESS |
SetOwner | SetObjectOwner |
RevokeAccessRights | SetObjectAccessRights with grfAccessMode = REVOKE_ACCESS |
GetAllAccessRights | GetObjectAccessRights |
IsAccessAllowed | IsObjectAccessAllowed |
The following table shows how the ACCESS_MASK permission values defined in COM relate to the security bits defined in OLE DB.
OLE ACCESS_MASK Bit | OLE DB Security Bit |
0–15 Object Specific | 9 PERM_EXCLUSIVE, 10 PERM_READDESIGN, 11 PERM_WRITEDESIGN, 12 PERM_WITHGRANT, 13 PERM_REFERENCE, 14 PERM_CREATE, 15 PERM_INSERT |
16 DELETE | 16 PERM_DELETE |
17 READ_CONTROL | 17 PERM_READCONTROL |
18 WRITE_DAC | 18 PERM_WRITEPERMISSIONS |
19 WRITE_OWNER | 19 PERM_WRITEOWNER |
20 SYNCHRONIZE | N/A |
24 ACCESS_SYSTEM_SECURITY | N/A |
25 MAXIMUM_ALLOWED | 25 PERM_MAXIMUM_ALLOWED |
26–27 Reserved | N/A |
28 GENERIC_ALL | 28 PERM_ALL |
29 GENERIC_EXECUTE | 29 PERM_EXECUTE |
30 GENERIC_WRITE | 30 PERM_WRITE |
31 GENERIC_READ | 31 PERM_READ |
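
As an added example (not code from the MDAC SDK), the following C helper decodes a 32-bit permission mask using the bit positions in the table above and returns any set bits to which the table assigns no OLE DB security bit, which is useful when reviewing rights carried over from a COM ACCESS_MASK. The function name `decode_perm_mask` and the sample mask are constructed for illustration; the bit values are derived from the table's bit numbers, not taken from oledb.h.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit positions and names copied from the table above (assumed, not from oledb.h). */
static const struct { unsigned bit; const char *name; } perm_bits[] = {
    { 9, "PERM_EXCLUSIVE"},   {10, "PERM_READDESIGN"},
    {11, "PERM_WRITEDESIGN"}, {12, "PERM_WITHGRANT"},
    {13, "PERM_REFERENCE"},   {14, "PERM_CREATE"},
    {15, "PERM_INSERT"},      {16, "PERM_DELETE"},
    {17, "PERM_READCONTROL"}, {18, "PERM_WRITEPERMISSIONS"},
    {19, "PERM_WRITEOWNER"},  {25, "PERM_MAXIMUM_ALLOWED"},
    {28, "PERM_ALL"},         {29, "PERM_EXECUTE"},
    {30, "PERM_WRITE"},       {31, "PERM_READ"},
};
#define N_PERM_BITS (sizeof perm_bits / sizeof perm_bits[0])

/* Writes the '|'-joined names of the set bits into out (NUL-terminated when
 * outlen > 0, truncated if too small). Returns the bits of mask for which the
 * table lists no OLE DB security bit, e.g. 20 SYNCHRONIZE or 26-27 Reserved. */
uint32_t decode_perm_mask(uint32_t mask, char *out, size_t outlen)
{
    uint32_t known = 0;
    size_t used = 0;
    int full = (outlen == 0);
    if (!full) out[0] = '\0';
    for (size_t i = 0; i < N_PERM_BITS; i++) {
        uint32_t b = UINT32_C(1) << perm_bits[i].bit;
        known |= b;                       /* keep collecting even when out is full */
        if (!(mask & b) || full) continue;
        int n = snprintf(out + used, outlen - used, "%s%s",
                         used ? "|" : "", perm_bits[i].name);
        if (n < 0 || (size_t)n >= outlen - used) full = 1;
        else used += (size_t)n;
    }
    return mask & ~known;
}

int main(void)
{
    /* Constructed sample: bits 31 and 15 plus bit 20 (SYNCHRONIZE, N/A in OLE DB). */
    char names[128];
    uint32_t left = decode_perm_mask(UINT32_C(0x80108000), names, sizeof names);
    printf("rights: %s\nno OLE DB equivalent: 0x%08x\n", names, (unsigned)left);
    return 0;
}
```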