AuthzCachedAccessCheck function (authz.h)
The AuthzCachedAccessCheck function performs a fast access check based on a cached handle containing the static granted bits from a previous AuthzAccessCheck call.
Syntax
AUTHZAPI BOOL AuthzCachedAccessCheck(
[in] DWORD Flags,
[in] AUTHZ_ACCESS_CHECK_RESULTS_HANDLE hAccessCheckResults,
[in] PAUTHZ_ACCESS_REQUEST pRequest,
[in] AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent,
[out] PAUTHZ_ACCESS_REPLY pReply
);
Parameters
[in] Flags
Reserved for future use.
[in] hAccessCheckResults
A handle to the cached access check results.
[in] pRequest
Access request handle specifying the desired access mask, principal self SID, and the object type list structure (if any).
[in] hAuditEvent
A structure that contains object-specific audit information. When the value of this parameter is not null, an audit is automatically requested. Static audit information is read from the resource manager structure.
[out] pReply
A pointer to an AUTHZ_ACCESS_REPLY handle that returns the results of access check as an array of GrantedAccessMask/ErrorValue pairs. The number of pairs returned is supplied by the caller in the ResultListLength member of the AUTHZ_ACCESS_REPLY structure.
Return value
If the function succeeds, it returns TRUE.
If the function fails, it returns FALSE. To get extended error information, call GetLastError.
Expected values of the Error members of array elements returned are shown in the following table.
Return code | Description |
---|---|
|
All the access bits, not including MAXIMUM_ALLOWED, are granted and the GrantedAccessMask member of the pReply parameter is not zero. |
|
The DesiredAccess member of the pRequest parameter includes ACCESS_SYSTEM_SECURITY, and the client does not have the SeSecurityPrivilege privilege. |
|
One or more of the following is true:
|
Remarks
The client context pointer is stored in the AuthzHandle parameter. The structure of the client context must be exactly the same as it was at the time AuthzHandle was created. This restriction is for the following fields:
- SIDs
- RestrictedSids
- Privileges
The AuthzCachedAccessCheck function maintains a cache as a result of evaluating Central Access Policies (CAP) on objects unless CAPs are ignored, for example when the AUTHZ_RM_FLAG_NO_CENTRAL_ACCESS_POLICIES flag is used. The client may call the AuthzFreeCentralAccessPolicyCache function to free up this cache. Note that this requires a subsequent call to AuthzCachedAccessCheck to rebuild the cache if necessary.
For more information, see the How AccessCheck Works and Centralized Authorization Policy overviews.
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows XP [desktop apps only] |
Minimum supported server | Windows Server 2003 [desktop apps only] |
Target Platform | Windows |
Header | authz.h |
Library | Authz.lib |
DLL | Authz.dll |
Redistributable | Windows Server 2003 Administration Tools Pack on Windows XP |
See also
AuthzFreeCentralAccessPolicyCache
AuthzInitializeResourceManager
Basic Access Control Functions