3.1.4.2.12 ICertAdminD2::GetOfficerRights (Opnum 42)

The GetOfficerRights method is used to retrieve the Officer rights, as specified in [CIMC-PP].

 HRESULT GetOfficerRights(
   [in, string, unique] wchar_t const* pwszAuthority,
   [out] BOOL* pfEnabled,
   [out, ref] CERTTRANSBLOB* pctbSD
 );

pwszAuthority: See the pwszAuthority definition in section 3.1.4.1.1.

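pfEnabled: A pointer to a Boolean value. The server sets it to nonzero when Officer rights are configured and to 0 otherwise, as detailed in the processing rules below.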

pctbSD: A pointer to the CERTTRANSBLOB structure that contains the marshaled information specified in section 2.2.1.11.1.

The following processing rules apply:

  1. If the CA server does not support Enrollment Agent rights:

    1. If no Officer rights are configured, the server MUST set the value of *pfEnabled to 0, the pb member of pctbSD to NULL, and the cb member to 0.

    2. If Officer rights are configured on the CA server, the server MUST set the value of *pfEnabled to nonzero and return the marshaled data specified in section 2.2.1.11.1 in pctbSD.

  2. If the CA server supports Enrollment Agent rights:

    1. If no Officer rights are configured (Config_Permissions_Officer_Rights) and no Enrollment Agent rights (Config_Permissions_Enrollment_Agent_Rights) are configured on the CA server, then the server MUST set the value of *pfEnabled to 0 and the pb member of pctbSD MUST contain the marshaled data specified in section 2.2.1.11.1.

    2. If no Officer rights are configured, but Enrollment Agent rights are configured on the CA server, then the server MUST set the value of *pfEnabled to 0 and pctbSD MUST contain the marshaled data specified in section 2.2.1.11.1.

    3. If Officer rights are configured, but no Enrollment Agent rights are configured on the CA server, then the server MUST set the value of *pfEnabled to nonzero and the pb member of pctbSD MUST contain the marshaled data specified in section 2.2.1.11.1.

    4. If Officer rights are configured and Enrollment Agent rights are configured on the CA server, then the server MUST set the value of *pfEnabled to nonzero and pctbSD MUST contain the marshaled data specified in section 2.2.1.11.1.
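The following client-side check is an added example, not part of the protocol specification or of any Microsoft implementation. It classifies the values returned in *pfEnabled and pctbSD against the processing rules above, and shows that on a CA that supports Enrollment Agent rights a value of 0 in *pfEnabled still arrives with a non-empty blob. The type stand-ins, the enum, the function name, the `supports_ea` parameter, and the sample bytes are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-ins for the wire types so the example builds without Windows headers. */
typedef int32_t BOOL;
typedef struct { uint32_t cb; const uint8_t *pb; } CERTTRANSBLOB;

/* Hypothetical classification for this example; these are not protocol values. */
enum reply_state {
    REPLY_MALFORMED,          /* matches none of the processing rules */
    REPLY_NOT_CONFIGURED,     /* rule 1.1: 0, pb NULL, cb 0 */
    REPLY_DISABLED_WITH_DATA, /* rules 2.1 and 2.2: 0, blob present */
    REPLY_ENABLED_WITH_DATA   /* rules 1.2, 2.3, 2.4: nonzero, blob present */
};

/* Constructed sample values: placeholder bytes, not a real section 2.2.1.11.1 blob. */
static const uint8_t SAMPLE_BYTES[] = { 0x01, 0x00, 0x00, 0x00 };
static const CERTTRANSBLOB SAMPLE_SD = { sizeof SAMPLE_BYTES, SAMPLE_BYTES };
static const CERTTRANSBLOB EMPTY_SD = { 0, NULL };
static const CERTTRANSBLOB TORN_SD = { 4, NULL };   /* cb and pb disagree */

/* supports_ea: assumed to be known to the caller out of band. */
enum reply_state check_officer_rights_reply(int supports_ea, BOOL fEnabled,
                                            const CERTTRANSBLOB *sd)
{
    if (sd == NULL) return REPLY_MALFORMED;
    int has_blob = (sd->pb != NULL && sd->cb != 0); /* assumption: marshaled data is never 0 bytes */
    int is_empty = (sd->pb == NULL && sd->cb == 0);
    if (!has_blob && !is_empty) return REPLY_MALFORMED;

    if (fEnabled != 0)                  /* enabled always comes with data */
        return has_blob ? REPLY_ENABLED_WITH_DATA : REPLY_MALFORMED;
    if (!supports_ea)                   /* rule 1.1 requires the empty form */
        return is_empty ? REPLY_NOT_CONFIGURED : REPLY_MALFORMED;
    /* Rules 2.1 and 2.2: disabled, but a blob is still returned. */
    return has_blob ? REPLY_DISABLED_WITH_DATA : REPLY_MALFORMED;
}

int main(void)
{
    printf("EA-capable CA, fEnabled=0, blob present -> %d\n",
           check_officer_rights_reply(1, 0, &SAMPLE_SD));
    return 0;
}
```

A caller that skips pctbSD whenever *pfEnabled is 0 handles rule 1.1 correctly but discards the data returned under rules 2.1 and 2.2.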