Using Authorization in C++

You can use the Authorization Manager API to control access to application resources.

If you have an existing access control solution based on access control lists (ACLs) and want to avoid converting this solution to use Authorization Manager, you can continue to use ACLs to control access to resources. For information about controlling access to resources using ACLs, see Defining Permissions with ACLs in C++, Establishing a Client Context from a SID in C++, and Verifying Client Access with ACLs in C++.

Note  For large enterprises, there is a trade-off between administrative overhead and performance. As the number of secured resources and users increases, the administration of ACLs becomes more complicated. Performance is not affected because all required information about access rights is distributed to the secured resources. The performance of Authorization Manager is affected by scaling.

For information about other authorization tasks, see Supporting Tasks for Authorization in C++.

Defining Permissions in C++ Define which users have access to which application resources by creating an authorization policy store.
Verifying Client Access to a Requested Resource in C++ Check whether the client has access to one or more operations.
Delegating the Defining of Permissions in C++ Delegate the administration of authorization policy stores that are stored in Active Directory.