Export (0) Print
Expand All

IADsSecurityDescriptor Property Methods

The property methods of the IADsSecurityDescriptor interface get or set the properties described in the following table. For more information, see Interface Property Methods.

Properties

Control
Flags that qualify the meaning of the security descriptor. Values are taken from the Win32 SECURITY_DESCRIPTOR_CONTROL structure.
Access type: Read/write
Scripting data type: LONG
// C++ method syntax
 
 HRESULT get_Control(
   [out] LONG* plControl
      
      
);

     
 HRESULT put_Control(
   [in] LONG lControl
      
      
);

     
    
DaclDefaulted
A flag of the BOOL type that indicates if the DACL is derived from a default mechanism, rather than being provided explicitly by the original provider of the security descriptor. For example, if an object's creator does not specify a DACL, the object receives the default DACL from the creator's access token. This flag can affect how the system treats the DACL, with respect to ACE inheritance. The system ignores this flag if the SE_DACL_PRESENT flag is not set.
Access type: Read/write
Scripting data type: VARIANT_BOOL
// C++ method syntax
 
 HRESULT get_DaclDefaulted(
   [out] VARIANT_BOOL* fDaclDefaulted
      
      
);

     
 HRESULT put_DaclDefaulted(
   [in] VARIANT_BOOL fDaclDefaulted
      
      
);

     
    
DiscretionaryAcl
Discretionary access-control list (DACL) that specifies the types of access granted to the object for specified users and groups. For more information about DACLs, see Null DACLs and Empty DACLs.
Access type: Read/write
Scripting data type: IDispatch
// C++ method syntax
 
 HRESULT get_DiscretionaryAcl(
   [out] IDispatch** ppIDispDACL
      
      
);

     
 HRESULT put_DiscretionaryAcl(
   [in] IDispatch* pIDispDACL
      
      
);

     
    
Group
Group to which the owner's security ID belongs.
Access type: Read/write
Scripting data type: BSTR
// C++ method syntax
 
 HRESULT get_Group(
   [out] BSTR* pbstrGroupl
      
      
);

     
 HRESULT put_Group(
   [in] BSTR bstrGroup
      
      
);

     
    
GroupDefaulted
A flag of the BOOL type that indicates if the group data is derived from a default mechanism, rather than being explicitly provided by the original provider of the security descriptor.
Access type: Read/write
Scripting data type: VARIANT_BOOL
// C++ method syntax
 
 HRESULT get_GroupDefaultedY(
   [out] VARIANT_BOOL* fGroupDefaulted
      
      
);

     
 HRESULT put_GroupDefaulted(
   [in] VARIANT_BOOL fGroupDefaulted
      
      
);

     
    
Owner
Object owner.
Access type: Read/write
Scripting data type: BSTR
// C++ method syntax
 
 HRESULT get_Owner(
   [out] BSTR* pbstrOwnerl
      
      
);

     
 HRESULT put_Owner(
   [in] BSTR bstrOwner
      
      
);

     
    
OwnerDefaulted
A flag of the BOOL type that indicates that the owner data is derived from a default mechanism, rather than being explicitly provided by the original provider of the security descriptor.
Access type: Read/write
Scripting data type: VARIANT_BOOL
// C++ method syntax
 
 HRESULT get_OwnerDefaulted(
   [out] VARIANT_BOOL* fOwnerDefaulted
      
      
);

     
 HRESULT put_OwnerDefaulted(
   [in] VARIANT_BOOL fOwnerDefaulted
      
      
);

     
    
Revision
Revision level of the security descriptor. This value is taken from the Win32 ACL_REVISION_INFORMATION structure. All ACEs in an ACL must be at the same revision level.
Access type: Read/write
Scripting data type: LONG
// C++ method syntax
 
 HRESULT get_Revision(
   [out] LONG* plRevision
      
      
);

     
 HRESULT put_Revision(
   [in] LONG lRevision
      
      
);

     
    
SaclDefaulted
A flag of the BOOL type that indicates that the SACL is derived from a default mechanism, rather than being explicitly provided by the original provider of the security descriptor. This flag can affect how the system handles the SACL, with respect to ACE inheritance. The system ignores this flag if the SE_SACL_PRESENT flag is not set.
Access type: Read/write
Scripting data type: VARIANT_BOOL
// C++ method syntax
 
 HRESULT get_SaclDefaulted(
   [out] VARIANT_BOOL* fSaclDefaulted
      
      
);

     
 HRESULT put_SaclDefaulted(
   [in] VARIANT_BOOL fSaclDefaulted
      
      
);

     
    
SystemAcl
System access-control list used to generate audit records for the object.
Access type: Read/write
Scripting data type: IDispatch
// C++ method syntax
 
 HRESULT get_SystemAcl(
   [out] IDispatch** ppIDispSACL
      
      
);

     
 HRESULT put_SystemAcl(
   [in] IDispatch* pIDispSACL
      
      
);

     
    

 

Examples

The following code example shows how to enumerate an existing security descriptor.


Dim ou As IADs
Dim sd As IADsSecurityDescriptor
Dim dacl As IADsAccessControlList
Dim sacl As IADsAccessControlList

On Error GoTo Cleanup 
 
Set ou = GetObject("LDAP://OU=Sales,DC=Fabrikam,DC=com")
Set sd = ou.Get("ntSecurityDescriptor")
Debug.Print sd.Owner
Debug.Print sd.Group
Debug.Print sd.Owner
Debug.Print sd.Revision
Set dacl = sd.DiscretionaryAcl
Set sacl = sd.SystemAcl
' Add code to perform an operation with the Discretionary and System ACLs.

Cleanup:
    If (Err.Number<>0) Then
        MsgBox("An error has occurred. " & Err.Number)
    End If
    Set ou = Nothing
    Set sd = Nothing
    Set dacl = Nothing
    Set sacl = Nothing


Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Iads.h

DLL

Activeds.dll

IID

IID_IADsSecurityDescriptor is defined as B8C787CA-9BDD-11D0-852C-00C04FD8D503

See also

IADsSecurityDescriptor
IADsAccessControlEntry
IADsAccessControlList

 

 

Show:
© 2014 Microsoft