MDAC 2.5 SDK - Technical Articles

Providing General Security Information Using ISecurityInfo

The data provider implements the ISecurityInfo interface so that consumers can discover some general information about the security in the data store. The ISecurityInfo interface has the following methods that allow the consumer to identify the current trustee, to determine which types of database objects support security, and to determine which permissions are available for those objects:

• ISecurityInfo::GetCurrentTrustee   This method allows the consumer to identify the trustee currently connected to the data source object. Knowing the current trustee is important when performing some trustee administration and access control administration tasks. The data provider responds to GetCurrentTrustee by allocating memory for a TRUSTEE structure and returning a pointer to the structure. The consumer must free the structure when it is finished using it.
  
  
• ISecurityInfo::GetObjectTypes   This method allows the consumer to determine which types of database objects in the data store support access control structures for authorization. In response to GetObjectTypes, the data provider creates an array of GUIDs, each of which represents an object that supports access control. These object type GUIDs are listed in the programmer's reference section of this guide. The consumer releases the array when it is finished using it.
  
  
• ISecurityInfo::GetPermissions   This method allows consumers to discover the permissions that are available for a given type of object rather than for a specific object. The data provider responds to GetPermissions by filling out an ACCESS_MASK structure passed into the method. Use the ACCESS_MASK constants listed in the programmer's reference section of this guide to examine and change the ACCESS_MASK structure.

Most other useful security information can be determined through the trustee administration and access control administration tasks.