Share via

HasMask Method

  • Article

HasMask Method

This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.

Determines if an entity object has specific rights to an item.

Applies To

Entity Object

Syntax



[JScript]
bool  objEntity.HasMask(masks);


Parameters




    

  • masks
    
A string value of bitmasks to compare with the entity object's masks.
    • 





Return Value




Returns TRUE if the masks for an entity object have the permissions specified by the masks parameter.




Remarks




Masks in the Exchange Application Security Module have three parts: item mask, subcontainer mask, and subitem mask, and are specified from left to right. Each mask has an allow and deny bit. These bits pertain to a specific permission, such as read and write permissions.


Consider the masks in an entity object for a particular user:


[0x1, 0x2, 0x1, 0x2, 0x0, 0x0]


The following table describes the allow and deny bits for this user's masks:






User: Item Mask
User: Subcontainer Mask
User: Subitem Mask






Allow: 0x1 Deny: 0x2
Allow: 0x1 Deny: 0x2
Allow: 0x0 Deny: 0x0






The binary evaluations for item and subcontainer masks are the same. The allow bit is 00000001 or 0x1, and the deny bit is 00000010 or 0x2.


Note that both allow and deny bits for the subitem mask are zeros which means that no check of those permissions is necessary.


Next, compare the user's masks with masks that specify read permissions, TestRead, and masks that specify write permissions, TestWrite.


TestRead – [0x1, 0x1, 0x1, 0x1, 0x0, 0x0]


TestWrite – [0x2, 0x2, 0x2, 0x2, 0x0, 0x0]


The following table shows binary bitwise comparisons of the user's masks with the TestRead and TestWrite masks for an item. For simplicity, the masks for subcontainers and subitems are not described in this detail.






Allow Bit for Item
Deny Bit for Item
Results






User: 00000001 TestRead: 00000001
User: 00000010 TestRead: 00000001
The allow bits match, thus the user has read permission for the item. The deny bits do not match, thus the user is not denied read rights.




User: 00000001 TestWrite: 00000010
User: 00000010 TestWrite: 00000010
The allow bits do not match, thus the user is not allowed write permission for the item. The deny bits do match, thus the user is denied write permission for the item.






These comparisons can be expressed programmatically as follows, where e is an entity object.


e.HasMask(TestRead) has one match, so this method returns TRUE.


e.HasMask(TestWrite) has no matches, so this method returns FALSE.


Note  All allow bits are evaluated first, then the deny bits are evaluated.




Example




var e = objDacl.SearchForObjectByNT4Name("MyDomain\\User1");



var m = new Array(0x0080, 0x0080, 0x0080, 0x0080, 0x0000, 0x0000);
if(e.HasMask(m)) {
// User has that right.
}


See Also




HasMaskByTemplate Method


HasMaskOfEntity Method


IsEqualMask Method




Send us your feedback about the Microsoft Exchange Server 2003 SDK.


Build: June 2007 (2007.618.1)


© 2003-2006 Microsoft Corporation. All rights reserved. Terms of use.