AuthzAccessCheckCallback callback function

The AuthzAccessCheckCallback function is an application-defined function that handles callback access control entries (ACEs) during an access check. AuthzAccessCheckCallback is a placeholder for the application-defined function name. The application registers this callback by calling AuthzInitializeResourceManager.


BOOL CALLBACK AuthzAccessCheckCallback(
  _In_     AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
  _In_     PACE_HEADER                 pAce,
  _In_opt_ PVOID                       pArgs,
  _Inout_  PBOOL                       pbAceApplicable


hAuthzClientContext [in]

A handle to a client context.

pAce [in]

A pointer to the ACE to evaluate for inclusion in the call to the AuthzAccessCheck function.

pArgs [in, optional]

Data passed in the DynamicGroupArgs parameter of the call to AuthzAccessCheck or AuthzCachedAccessCheck.

pbAceApplicable [in, out]

A pointer to a Boolean variable that receives the results of the evaluation of the logic defined by the application.

The results are TRUE if the logic determines that the ACE is applicable and will be included in the call to AuthzAccessCheck; otherwise, the results are FALSE.

Return value

If the function succeeds, the function returns TRUE.

If the function is unable to perform the evaluation, it returns FALSE. Use SetLastError to return an error to the access check function.


Security attribute variables must be present in the client context if referred to in a conditional expression, otherwise the conditional expression term referencing them will evaluate to unknown.

For more information, see the How AccessCheck Works and Centralized Authorization Policy overviews.


Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]


Windows Server 2003 Administration Tools Pack on Windows XP

See also

Basic Access Control Functions
Centralized Authorization Policy
How AccessCheck Works