Authorization Interfaces

The following interfaces are used with authorization applications.

In this section

Topic	Description
IAzApplication	Defines an installed instance of an application. An IAzApplication object is created when an application is installed.
IAzApplication2	Inherits from the IAzApplication interface and implements additional methods to initialize IAzClientContext2 objects.
IAzApplication3	Provides methods to manage IAzRoleAssignment, IAzRoleDefinition, and IAzScope2 objects.
IAzApplications	Represents a collection of IAzApplication objects.
IAzApplicationGroup	Defines a collection of principals.
IAzApplicationGroup2	Extends the IAzApplicationGroup interface by adding support for the BizRule group type.
IAzApplicationGroups	Represents a collection of IAzApplicationGroup objects.
IAzAuthorizationStore	Defines the container that is the root of the authorization policy store.
IAzAuthorizationStore2	Inherits from the AzAuthorizationStore object and implements methods to create and open IAzApplication2 objects.
IAzAuthorizationStore3	Extends the IAzAuthorizationStore2 interface with methods that manage business rule (BizRule) support and caching.
IAzBizRuleContext	Contains information about a Business Rule (BizRule) operation.
IAzBizRuleInterfaces	Provides methods and properties used to manage a list of IDispatch interfaces that can be called by business rule (BizRule) scripts.
IAzBizRuleParameters	Provides methods and properties used to manage a list of parameters that can be passed to business rule (BizRule) scripts.
IAzClientContext	Maintains the state that describes a particular client.
IAzClientContext2	Inherits from the IAzClientContext interface and implements new methods that manipulate the client context.
IAzClientContext3	Extends the IAzClientContext2 interface.
IAzNameResolver	Translates security identifiers (SIDs) into principal display names.
IAzObjectPicker	Displays a dialog box that allows users to select one or more principals from a list.
IAzOperation	Defines a low-level operation supported by an application.
IAzOperation2	Extends the IAzOperation with a method that returns the role assignments associated with the operation.
IAzOperations	Represents a collection of IAzOperation objects.
IAzPrincipalLocator	Locates and chooses Active Directory Application Mode (ADAM) principals in Authorization Manager.
IAzRole	Defines the set of operations that can be performed by a set of users within a scope.
IAzRoleAssignment	Represents a role to which users and groups can be assigned.
IAzRoleAssignments	Represents a collection of IAzRoleAssignment objects.
IAzRoleDefinition	Represents one or more IAzRoleDefinition, IAzTask, and IAzOperation objects that specify a set of operations.
IAzRoleDefinitions	Represents a collection of IAzRoleDefinition objects.
IAzRoles	Represents a collection of IAzRole objects.
IAzScope	Defines a logical container of resources to which the application manages access.
IAzScope2	Extends the IAzScope interface to manage IAzRoleAssignment and IAzRoleDefinition objects.
IAzScopes	Represents a collection of IAzScope objects.
IAzTask	Describes a set of operations.
IAzTask2	Extends the IAzTask interface with a method that returns the role assignments associated with the task.
IAzTasks	Represents a collection of IAzTask objects.
IeAxiService	Initializes a system service object to install an ActiveX object when the current user does not have permission to install the object.
IeAxiServiceCallback	Called by the IeAxiSystemInstaller interface to verify that an ActiveX object can be installed.
IeAxiSystemInstaller	Installs an ActiveX object.
IEffectivePermission	Provides a means to determine effective permission for a security principal on an object.
IEffectivePermission2	Provides a way to determine effective permission for a security principal on an object.
ISecurityInformation	Enables the access control editor to communicate with the caller of the CreateSecurityPage and EditSecurity functions.
ISecurityInformation2	Enables the access control editor to obtain information from the client that is not provided by the ISecurityInformation interface.
ISecurityInformation3	Provides methods necessary for displaying an elevated access control editor when a user clicks the Edit button on an access control editor page that displays an image of a shield on that Edit button.
ISecurityInformation4	Enables the access control editor (ACE) to obtain the share's security descriptor to initialize the share page.
ISecurityObjectTypeInfo	Provides a means of determining the source of inherited access control entries (ACEs) in discretionary access control lists (DACLs) and system access control lists (SACLs).

Authorization interfaces are categorized according to usage as follows:

• Access Control Editor Interfaces
• ActiveX Installer Interfaces
• Authorization Manager Interfaces

Access Control Editor Interfaces

The following interfaces are used with the access control editor.

• IEffectivePermission
• ISecurityInformation
• ISecurityInformation2
• ISecurityInformation3
• ISecurityObjectTypeInfo

ActiveX Installer Interfaces

ActiveX Installer provides the following interfaces.

• IeAxiService
• IeAxiServiceCallback
• IeAxiSystemInstaller

Authorization Manager Interfaces

Authorization Manager provides the following interfaces.

• IAzApplication
• IAzApplication2
• IAzApplication3
• IAzApplications
• IAzApplicationGroup
• IAzApplicationGroup2
• IAzApplicationGroups
• IAzAuthorizationStore
• IAzAuthorizationStore2
• IAzAuthorizationStore3
• IAzBizRuleContext
• IAzBizRuleInterfaces
• IAzBizRuleParameters
• IAzClientContext
• IAzClientContext2
• IAzClientContext3
• IAzNameResolver
• IAzObjectPicker
• IAzOperation
• IAzOperation2
• IAzOperations
• IAzPrincipalLocator
• IAzRole
• IAzRoleAssignment
• IAzRoleAssignments
• IAzRoleDefinition
• IAzRoleDefinitions
• IAzRoles
• IAzScope
• IAzScope2
• IAzScopes
• IAzTask
• IAzTask2
• IAzTasks