The IEffectivePermission2 interface provides a way to determine effective permissions for a security principal on an object in a way where the principal's security context may be compounded with a device context or adjusted in other ways. Additionally, it determines the effective permissions even when multiple security checks apply. The access control editor uses this information to communicate the effective permissions to the client.
The IEffectivePermission2 interface inherits from the IUnknown interface. IEffectivePermission2 also has these types of members:
The IEffectivePermission2 interface has these methods.
Computes the effective permissions by using the secondary security for an object.
The IEffectivePermission2 interface should be implemented by resource managers that support dynamic access control or by resource managers where the effective access to an object is determined by more than one security check, for example, a security descriptor and a firewall.
The resource manager typically implements ISecurityInformation4 before implementing IEffectivePermission2 because IEffectivePermission2 interprets the SECURITY_OBJECT returned by the GetSecondarySecurity method.
If the IEffectivePermission2 interface is implemented, then the IEffectivePermission interface is not used.
Minimum supported client
|Windows 8 [desktop apps only]|
Minimum supported server
|Windows Server 2012 [desktop apps only]|