Export (0) Print
Expand All
2 out of 3 rated this helpful - Rate this topic

IAccessControl interface

Enables the management of access to objects and properties on the objects.

When to implement

Distributed COM provides an implementation of the IAccessControl interface. COM servers can use this implementation to help protect their objects from unauthorized access. To get a pointer to this implementation, call CoCreateInstance, specifying CLSID_DCOMAccessControl as the CLSID. This implementation supports the IPersist interface to save the state of the access control object.

The implementation of IAccessControl provided by COM calls built-in access control functions such as OpenThreadToken and AccessCheck. If you decide to implement IAccessControl yourself, you can also call these access control functions. However, because IAccessControl methods take access information in a different format than the built-in access control functions do, your implementation must be able to convert from one format to the other as necessary.

If you decide to implement IAccessControl and pass your implementation to CoInitializeSecurity, be sure that it is completely thread-safe, because COM can call it on any thread, at any time.

In addition to the COM implementation of IAccessControl, another implementation is supplied for storage and Directory Service objects.

When to use

Call methods of the IAccessControl interface to manage access to objects and properties on the objects and to obtain access information. This interface is primarily used to set processwide security with a call to CoInitializeSecurity, specifying EOAC_ACCESS_CONTROL as the capability flag, and providing a pointer to an instance of IAccessControl as the first (pVoid) parameter. COM then calls IAccessControl methods to determine access rights.

IAccessControl should be used only to manage access rights. To manage launch permissions, use DCOMCNFG or set the LaunchPermission value under the AppID registry key. For details on using DCOMCNFG, see the DCOMCNFG online help.

Members

The IAccessControl interface inherits from the IUnknown interface. IAccessControl also has these types of members:

Methods

The IAccessControl interface has these methods.

MethodDescription
GetAllAccessRights

Gets the entire list of access rights and/or the owner and group for the specified object.

GrantAccessRights

Merges the new list of access rights with the existing access rights on the object.

IsAccessAllowed

Determines whether the specified trustee has access rights to the object or property.

RevokeAccessRights

Removes any explicit entries for the list of trustees.

SetAccessRights

Replaces the existing access rights on an object with the specified list.

SetOwner

Sets the owner or the group of an item.

 

Requirements

Minimum supported client

Windows 2000 Professional [desktop apps only]

Minimum supported server

Windows 2000 Server [desktop apps only]

Header

IAccess.h

IDL

IAccess.idl

IID

IID_IAccessControl is defined as EEDD23E0-8410-11CE-A1C3-08002B2B8D8F

See also

CoInitializeSecurity
Setting Process-Wide Security with CoInitializeSecurity

 

 

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.