Export (0) Print
Expand All

2.5.3.1.4 GetCentralizedAccessPolicy

A support function, GetCentralizedAccessPolicy, determines if there is a central access policy and, if so, returns it based on the policy SID in the SACL. If no policy matches the policy SID, the function returns an implementation-specific local recovery policy.<78>

CentralizedAccessPolicy 
GetCentralizedAccessPolicy(
    ACL Sacl)
    --
    -- On entry
    --    Sacl is the Sacl from the security descriptor used for Access Check.
    -- 
    -- Returns
    --    NULL - there is no policy
    --    The policy from the configuration if one exists and matches the scoped SID
    --    The default (recovery) policy if none match the scoped SID
    --

    Dim SID CentralizedAccessPolicySid
    Dim CentralAccessPolicy CentralizedAccessPolicy

    IF No central access policy is present in the configuration THEN
        return NULL
    END IF

    IF SACL is not NULL THEN
        CALL GetScopedPolicySid(SACL) returning CentralizedAccessPolicySid
        IF CentralizedAccessPolicySid is not NULL THEN
            Get CentralizedAccessPolicy using CentralizedAccessPolicySid
            IF CentralizedAccessPolicy is NULL THEN
                Set CentralizedAccessPolicy to RecoveryCentralizedAccessPolicy
            END IF
        END IF
    END IF

    return CentralizedAccessPolicy

END-SUBROUTINE
 
Show:
© 2014 Microsoft