IAccessControl:IUnknown
This interface manages access to objects and properties.
When to Implement
Distributed COM provides an implementation of the IAccessControl interface. COM servers can use this implementation to protect their objects from unauthorized access in a manner that is supported by Microsoft® Windows® 95, Microsoft Windows 98, Microsoft Windows NT®, and Microsoft Windows 2000. To get a pointer to this implementation, call the CoCreateInstance function, specifying CLSID_DCOMAccessControl as the CLSID. This implementation supports the IPersist interface to save the state of the access control object.
The implementation of IAccessControl provided by COM calls built-in access control functions such as OpenThreadToken and AccessCheck. If you decide to implement IAccessControl yourself, you can also call these access control functions. However, because IAccessControl methods take access information in a different format than the built-in access control functions do, your implementation must be able to convert from one format to the other as necessary.
Note If you decide to implement IAccessControl and pass your implementation to the CoInitializeSecurity function, you must ensure that it is completely thread-safe, because COM can call it on any thread, at any time.
In addition to the COM implementation of IAccessControl, another implementation is supplied for storage and Directory Service objects.
When to Use
Call methods of the IAccessControl interface to manage access to objects and properties and to obtain access information. This interface primarily sets process security with a call to CoInitializeSecurity, specifying capability flag EOAC_ACCESS_CONTROL and providing a pointer to an instance of IAccessControl as the first (pVoid) parameter. Then, COM calls IAccessControl methods to determine access rights.
IAccessControl should only be used to manage access rights. To manage launch permissions, use DCOMCNFG or set the LaunchPermission named value under the APPID registry key.
COM formats all character strings as Unicode. You must convert all ANSI strings to Unicode before passing them to methods of an implementation of IAccessControl.
Methods
The following table shows the methods for this interface in the order that the compiler calls the methods. Like all COM interfaces, this interface inherits the methods for the IUnknown interface.
| IUnknown method | Description |
|---|---|
| QueryInterface | Returns pointers to supported interfaces. |
| AddRef | Increments reference count. |
| Release | Decrements reference count. |
| IAccessControl method | Description |
|---|---|
| GrantAccessRights | Merges the new ACTRL_ACCESS list with the existing access rights on the object. |
| SetAccessRights | Replaces existing access rights with the specified list. |
| SetOwner | Sets an item's owner or group. |
| RevokeAccessRights | Removes explicit entries for the list of trustees. |
| GetAllAccessRights | Gets the entire list of access rights and/or the owner and group for the object. |
| IsAccessAllowed | Determines whether the trustee has access to the object/property. |
Remarks
To determine whether the platform supports this interface, see Determining Supported COM APIs.
Requirements
OS Versions: Windows CE 3.0 and later.
Header: IAccess.h.
Link Library: Ole32.lib, Uuid.lib.
See Also
CoCreateInstance | CoInitializeSecurity | IPersist
Last updated on Wednesday, April 13, 2005
© 2005 Microsoft Corporation. All rights reserved.