Exporter (0) Imprimer
Développer tout
EN
Ce contenu n’est pas disponible dans votre langue. Voici la version anglaise.

IADsAccessControlEntry interface

The IADsAccessControlEntry interface is a dual interface that enables directory clients to access and manipulate individual access-control entries (ACEs) of the owning object. An ACE stipulates who can access the object and what type of access granted and specifies whether the access control settings can be propagated from the object to any of its children. An ACE exposes a set of properties through this interface to provide such services.

An object can have a number of ACEs, one for each client or a group of clients. ACEs are maintained in an access-control list (ACL) which implements the IADsAccessControlList interface. That is, a client must use an ACL to access an ACE. To access the ACL, retrieve the security descriptor of the object that implements the IADsSecurityDescriptor interface. The following procedures describe how to manage access controls over an ADSI object.

Some of the IADsAccessControlEntry property values, such as AccessMask and AceFlags, will be different for different object types. For example, an Active Directory object will use the ADS_RIGHT_GENERIC_READ member of the ADS_RIGHTS_ENUM enumeration for the IADsAccessControlEntry.AccessMask property, but the equivalent access right for a file object is FILE_GENERIC_READ. It is not safe to assume that all property values will be the same for Active Directory objects and non-Active Directory objects. For more information, see Security Descriptors on Files and Registry Keys.

Aa705951.wedge(en-us,VS.85).gifTo managing access controls over an ADSI object

  1. Retrieve the security descriptor for the object that implements the IADsSecurityDescriptor interface.
  2. Retrieve the ACL from the security descriptor.
  3. Work with the ACE, or ACEs, of the object in the ACL.

Aa705951.wedge(en-us,VS.85).gifTo set a new or modified ACE as persistent

  1. Add the ACE to the ACL.
  2. Assign the ACL to the security descriptor.
  3. Commit the security descriptor to the directory store.

Members

The IADsAccessControlEntry interface inherits from the IDispatch interface. IADsAccessControlEntry also has these types of members:

Properties

The IADsAccessControlEntry interface has these properties.

PropertyAccess typeDescription

AccessMask

Read/write

Gets or sets the access mask for an ACE.

AceFlags

Read/write

Gets or sets ACE flag values.

AceType

Read/write

Gets/sets the ACE type.

Flags

Read/write

Gets or sets flag values.

InheritedObjectType

Read/write

Gets or sets the inherited object type.

ObjectType

Read/write

Gets or sets the object type.

Trustee

Read/write

Gets or sets the trustee.

 

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Iads.h

DLL

Activeds.dll

IID

IID_IADsAccessControlEntry is defined as B4F3A14C-9BDD-11D0-852C-00C04FD8D503

See also

IAccessControlList
IADsSecurityDescriptor

 

 

Microsoft réalise une enquête en ligne pour recueillir votre opinion sur le site Web de MSDN. Si vous choisissez d’y participer, cette enquête en ligne vous sera présentée lorsque vous quitterez le site Web de MSDN.

Si vous souhaitez y participer,
Afficher:
© 2014 Microsoft