Windows apps
Collapse the table of content
Expand the table of content
Information
The topic you requested is included in another documentation set. For convenience, it's displayed below. Choose Switch to see the topic in its original location.

IAccessControl::IsAccessAllowed method

Determines whether the specified trustee has access rights to the object or property.

Syntax


HRESULT IsAccessAllowed(
  [in]  PTRUSTEEW     pTrustee,
  [in]  LPWSTR        lpProperty,
  [in]  ACCESS_RIGHTS AccessRights,
  [out] BOOL          *pfAccessAllowed
);

Parameters

pTrustee [in]

A pointer to a TRUSTEE structure.

lpProperty [in]

The name of the property. If you are using the COM implementation of IAccessControl, this parameter must be NULL.

AccessRights [in]

The access rights on the object. If you are using the COM implementation of IAccessControl, this value must be either 0 or 1 (COM_RIGHTS_EXECUTE).

pfAccessAllowed [out]

Indicates whether access is allowed.

Return value

If this method succeeds, it returns S_OK. Otherwise, it returns an HRESULT error code.

Remarks

In the system-supplied implementation of IAccessControl (CLSID_DCOMAccessControl), IsAccessAllowed can be called only during a distributed COM call, and the only valid trustee name is the name of the client.

The following tables list the object-specific access permissions used with the Directory Service and storage implementation of IAccessControl.

The following permissions are specific to DS objects.

Access permissionDescription
ACTRL_DS_OPEN Open a DS object
ACTRL_DS_CREATE_CHILD Create a child object
ACTRL_DS_DELETE_CHILD Delete a child object
ACTRL_DS_LIST Enumerate an object
ACTRL_DS_SELF Update a member list involving the trustee
ACTRL_DS_READ_PROP Read properties
ACTRL_DS_WRITE_PROP Write properties

 

The following permissions are specific to file objects.

Access permissionDescription
ACTRL_FILE_READRead from a file
ACTRL_FILE_WRITEWrite to a file
ACTRL_FILE_APPENDAppend to a file
ACTRL_FILE_READ_PROPRead file properties or extended attributes
ACTRL_FILE_WRITE_PROPWrite file properties or extended attributes
ACTRL_FILE_EXECUTEExecute the file
ACTRL_FILE_READ_ATTRIBRead the file attributes
ACTRL_FILE_WRITE_ATTRIB Write the file attributes

 

The following permissions are specific to directory objects.

Access permissionDescription
ACTRL_DIR_LISTList the contents of a directory
ACTRL_DIR_CREATE_OBJECT Create a child object (file) in a directory
ACTRL_DIR_CREATE_CHILDCreate a subdirectory
ACTRL_DIR_DELETE_CHILDDelete a subdirectory
ACTRL_DIR_TRAVERSE Traverse the directory

 

The following permissions are specific to kernel objects.

Access permissionDescription
ACTRL_KERNEL_TERMINATETerminate a process or thread
ACTRL_KERNEL_THREADCreate a thread
ACTRL_KERNEL_VMPerform address space operations
ACTRL_KERNEL_VM_READRead from memory
ACTRL_KERNEL_VM_WRITEWrite to memory
ACTRL_KERNEL_DUP_HANDLE Duplicate a handle
ACTRL_KERNEL_PROCESSCreate a process
ACTRL_KERNEL_SET_INFOGet kernel object information or state
ACTRL_KERNEL_GET_INFOSet kernel object information or state
ACTRL_KERNEL_CONTROLControl a kernel object (such as suspending a thread)
ACTRL_KERNEL_ALERTAlert a kernel object.
ACTRL_KERNEL_GET_CONTEXTGet the thread context
ACTRL_KERNEL_SET_CONTEXTSet the thread context
ACTRL_KERNEL_TOKENSet the thread token
ACTRL_KERNEL_IMPERSONATEImpersonate a client
ACTRL_KERNEL_DIMPERSONATE Directly impersonate a client

 

The following permissions are specific to printer objects.

Access permissionDescription
ACTRL_PRINT_SADMINAdminister a print server
ACTRL_PRINT_SLISTEnumerate a print server
ACTRL_PRINT_PADMINAdminister a printer
ACTRL_PRINT_PUSEUse a printer
ACTRL_PRINT_JADMINAdminister a print job

 

The following permissions are specific to service objects.

Access permissionDescription
ACTRL_SVC_GET_INFOStart a service
ACTRL_SVC_SET_INFOStop a service
ACTRL_SVC_STATUSPause a service
ACTRL_SVC_LISTEnumerate the services
ACTRL_SVC_STARTStart a service
ACTRL_SVC_STOPStop a service
ACTRL_SVC_PAUSEPause a service
ACTRL_SVC_INTERROGATEQuery the service for current status
ACTRL_SVC_UCONTROLUser-defined control

 

The following permissions are specific to registry objects.

Access permissionDescription
ACTRL_REG_QUERYRead a registry subkey
ACTRL_REG_SETWrite a registry subkey
ACTRL_REG_CREATE_CHILDCreate a registry subkey
ACTRL_REG_LISTEnumerate a registry subkey
ACTRL_REG_NOTIFYCreate a registry notification
ACTRL_REG_LINK Create a symbolic link

 

The following permissions are specific to window objects.

Access permissionDescription
ACTRL_WIN_CLIPBRDEnable access to the clipboard
ACTRL_WIN_GLOBAL_ATOMSEnable global-atom access
ACTRL_WIN_CREATECreate desktop access
ACTRL_WIN_LIST_DESKEnumerate the desktops
ACTRL_WIN_LISTEnumerate the window station
ACTRL_WIN_READ_ATTRIBSRead the attributes
ACTRL_WIN_WRITE_ATTRIBSWrite the attributes
ACTRL_WIN_SCREENEnable access to the screen
ACTRL_WIN_EXITCall ExitWindows or ExitWindowsEx

 

Requirements

Minimum supported client

Windows 2000 Professional [desktop apps only]

Minimum supported server

Windows 2000 Server [desktop apps only]

Header

IAccess.h

IDL

IAccess.idl

IID

IID_IAccessControl is defined as EEDD23E0-8410-11CE-A1C3-08002B2B8D8F

See also

IAccessControl

 

 

Show:
© 2017 Microsoft