Operations and Tasks

An operation is a low-level computer action. In the Authorization Manager API, an operation is represented by an IAzOperation object. In general, operations are too many in number and too low-level to facilitate administration. Group operations into tasks to simplify administration of authorization policy.

A task is represented by an IAzTask object and can contain one or more IAzOperation objects. An IAzTask object can also contain other IAzTask objects, so that tasks can be nested. To facilitate administration, an IAzTask object should represent a task that a real user wants to perform.

Access to the operations contained by a task can be qualified at run time by a business rule script associated with the IAzTask object that represents that task. For more information about business rule scripts, see Business Rules.

An IAzTask object can also represent a role definition by setting its IsRoleDefinition property to TRUE. The Authorization Manager MMC snap-in user interface then displays that IAzTask object as a role. For more information about role definitions, see Roles.

Related topics

Defining Operations in C++
Grouping Operations into Tasks in C++
Grouping Tasks into Roles in C++
Users and Groups