Export (0) Print
Expand All
Expand Minimize

AuthzInitializeResourceManager function

The AuthzInitializeResourceManager function uses Authz to verify that clients have access to various resources.

Syntax


BOOL WINAPI AuthzInitializeResourceManager(
  _In_      DWORD flags,
  _In_opt_  PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck,
  _In_opt_  PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups,
  _In_opt_  PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups,
  _In_      PCWSTR szResourceManagerName,
  _Out_     PAUTHZ_RESOURCE_MANAGER_HANDLE phAuthzResourceManager
);

Parameters

flags [in]

A DWORD value that defines how the resource manager is initialized. This parameter can contain the following values.

ValueMeaning
0

Default call to the function. The resource manager is initialized as the principal identified in the process token, and auditing is in effect. Note that unless the AUTHZ_RM_FLAG_NO_AUDIT flag is set, SeAuditPrivilege must be enabled for the function to succeed.

AUTHZ_RM_FLAG_NO_AUDIT

Auditing is not in effect. If this flag is set, the caller does not need to have SeAuditPrivilege enabled to call this function.

AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION

The resource manager is initialized as the identity of the thread token.

AUTHZ_RM_FLAG_NO_CENTRALIZED_ACCESS_POLICIES

The resource manager ignores CAP IDs and does not evaluate centralized access policies.

 

AUTHZ_RM_FLAG_NO_AUDIT and AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION can be bitwise-combined.

pfnAccessCheck [in, optional]

A pointer to the AuthzAccessCheckCallback callback function that the resource manager calls each time it encounters a callback access control entry (ACE) during access control list (ACL) evaluation in AuthzAccessCheck or AuthzCachedAccessCheck. This parameter can be NULL if no access check callback function is used.

pfnComputeDynamicGroups [in, optional]

A pointer to the AuthzComputeGroupsCallback callback function called by the resource manager during initialization of an AuthzClientContext handle. This parameter can be NULL if no callback function is used to compute dynamic groups.

pfnFreeDynamicGroups [in, optional]

A pointer to the AuthzFreeGroupsCallback callback function called by the resource manager to free security identifier (SID) attribute arrays allocated by the compute dynamic groups callback. This parameter can be NULL if no callback function is used to compute dynamic groups.

szResourceManagerName [in]

A string that identifies the resource manager. This parameter can be NULL if the resource manager does not need a name.

phAuthzResourceManager [out]

A pointer to the returned resource manager handle. When you have finished using the handle, free it by calling the AuthzFreeResourceManager function.

Return value

If the function succeeds, the function returns a nonzero value.

If the function fails, it returns a zero value. To get extended error information, call GetLastError.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Redistributable

Windows Server 2003 Administration Tools Pack on Windows XP

Header

Authz.h

Library

Authz.lib

DLL

Authz.dll

See also

Basic Access Control Functions
AuthzAccessCheck
AuthzCachedAccessCheck
AuthzFreeResourceManager

 

 

Community Additions

ADD
Show:
© 2014 Microsoft