Setting Access Rights on the Entire Object

Certain permissions can be set only for an entire object, such as Delete and List Contents. Operation-specific permissions, such as the Read permission, can also be set for entire object so that they apply to an entire object.

The following procedure can be used to set permissions for an entire object.

ms677952.wedge(en-us,VS.85).gifTo set permissions for an entire object

  1. Set IADsAccessControlEntry.AceType to ADS_ACETYPE_ACCESS_ALLOWED or ADS_ACETYPE_ACCESS_DENIED.
  2. Set IADsAccessControlEntry.ObjectType and IADsAccessControlEntry.InheritedObjectType to NULL.

For more information about how to create an ACE, see Setting Access Rights on an Object.

For more information and a code example that can be used to set an ACE, see Example Code for Setting an ACE on a Directory Object.

 

 

Show: