IAccessControl::IsAccessAllowed method

Determines whether the specified trustee has access rights to the object or property.

Syntax


HRESULT IsAccessAllowed(
  [in]   PTRUSTEEW pTrustee,
  [in]   LPWSTR lpProperty,
  [in]   ACCESS_RIGHTS AccessRights,
  [out]  BOOL *pfAccessAllowed
);

Parameters

pTrustee [in]

A pointer to a TRUSTEE structure.

lpProperty [in]

The name of the property. If you are using the COM implementation of IAccessControl, this parameter must be NULL.

AccessRights [in]

The access rights on the object. If you are using the COM implementation of IAccessControl, this value must be either 0 or 1 (COM_RIGHTS_EXECUTE).

pfAccessAllowed [out]

Indicates whether access is allowed.

Return value

If this method succeeds, it returns S_OK. Otherwise, it returns an HRESULT error code.

Remarks

In the system-supplied implementation of IAccessControl (CLSID_DCOMAccessControl), IsAccessAllowed can be called only during a distributed COM call, and the only valid trustee name is the name of the client.

The following tables list the object-specific access permissions used with the Directory Service and storage implementation of IAccessControl.

The following permissions are specific to DS objects.

Access permissionDescription
ACTRL_DS_OPEN Open a DS object
ACTRL_DS_CREATE_CHILD Create a child object
ACTRL_DS_DELETE_CHILD Delete a child object
ACTRL_DS_LIST Enumerate an object
ACTRL_DS_SELF Update a member list involving the trustee
ACTRL_DS_READ_PROP Read properties
ACTRL_DS_WRITE_PROP Write properties

 

The following permissions are specific to file objects.

Access permissionDescription
ACTRL_FILE_READRead from a file
ACTRL_FILE_WRITEWrite to a file
ACTRL_FILE_APPENDAppend to a file
ACTRL_FILE_READ_PROPRead file properties or extended attributes
ACTRL_FILE_WRITE_PROPWrite file properties or extended attributes
ACTRL_FILE_EXECUTEExecute the file
ACTRL_FILE_READ_ATTRIBRead the file attributes
ACTRL_FILE_WRITE_ATTRIB Write the file attributes

 

The following permissions are specific to directory objects.

Access permissionDescription
ACTRL_DIR_LISTList the contents of a directory
ACTRL_DIR_CREATE_OBJECT Create a child object (file) in a directory
ACTRL_DIR_CREATE_CHILDCreate a subdirectory
ACTRL_DIR_DELETE_CHILDDelete a subdirectory
ACTRL_DIR_TRAVERSE Traverse the directory

 

The following permissions are specific to kernel objects.

Access permissionDescription
ACTRL_KERNEL_TERMINATETerminate a process or thread
ACTRL_KERNEL_THREADCreate a thread
ACTRL_KERNEL_VMPerform address space operations
ACTRL_KERNEL_VM_READRead from memory
ACTRL_KERNEL_VM_WRITEWrite to memory
ACTRL_KERNEL_DUP_HANDLE Duplicate a handle
ACTRL_KERNEL_PROCESSCreate a process
ACTRL_KERNEL_SET_INFOGet kernel object information or state
ACTRL_KERNEL_GET_INFOSet kernel object information or state
ACTRL_KERNEL_CONTROLControl a kernel object (such as suspending a thread)
ACTRL_KERNEL_ALERTAlert a kernel object.
ACTRL_KERNEL_GET_CONTEXTGet the thread context
ACTRL_KERNEL_SET_CONTEXTSet the thread context
ACTRL_KERNEL_TOKENSet the thread token
ACTRL_KERNEL_IMPERSONATEImpersonate a client
ACTRL_KERNEL_DIMPERSONATE Directly impersonate a client

 

The following permissions are specific to printer objects.

Access permissionDescription
ACTRL_PRINT_SADMINAdminister a print server
ACTRL_PRINT_SLISTEnumerate a print server
ACTRL_PRINT_PADMINAdminister a printer
ACTRL_PRINT_PUSEUse a printer
ACTRL_PRINT_JADMINAdminister a print job

 

The following permissions are specific to service objects.

Access permissionDescription
ACTRL_SVC_GET_INFOStart a service
ACTRL_SVC_SET_INFOStop a service
ACTRL_SVC_STATUSPause a service
ACTRL_SVC_LISTEnumerate the services
ACTRL_SVC_STARTStart a service
ACTRL_SVC_STOPStop a service
ACTRL_SVC_PAUSEPause a service
ACTRL_SVC_INTERROGATEQuery the service for current status
ACTRL_SVC_UCONTROLUser-defined control

 

The following permissions are specific to registry objects.

Access permissionDescription
ACTRL_REG_QUERYRead a registry subkey
ACTRL_REG_SETWrite a registry subkey
ACTRL_REG_CREATE_CHILDCreate a registry subkey
ACTRL_REG_LISTEnumerate a registry subkey
ACTRL_REG_NOTIFYCreate a registry notification
ACTRL_REG_LINK Create a symbolic link

 

The following permissions are specific to window objects.

Access permissionDescription
ACTRL_WIN_CLIPBRDEnable access to the clipboard
ACTRL_WIN_GLOBAL_ATOMSEnable global-atom access
ACTRL_WIN_CREATECreate desktop access
ACTRL_WIN_LIST_DESKEnumerate the desktops
ACTRL_WIN_LISTEnumerate the window station
ACTRL_WIN_READ_ATTRIBSRead the attributes
ACTRL_WIN_WRITE_ATTRIBSWrite the attributes
ACTRL_WIN_SCREENEnable access to the screen
ACTRL_WIN_EXITCall ExitWindows or ExitWindowsEx

 

Requirements

Minimum supported client

Windows 2000 Professional [desktop apps only]

Minimum supported server

Windows 2000 Server [desktop apps only]

Header

IAccess.h

IDL

IAccess.idl

IID

IID_IAccessControl is defined as EEDD23E0-8410-11CE-A1C3-08002B2B8D8F

See also

IAccessControl

 

 

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.