Edit

Share via

AuthzInitializeResourceManager function (authz.h)

  • Article

The AuthzInitializeResourceManager function uses Authz to verify that clients have access to various resources.

Syntax

AUTHZAPI BOOL AuthzInitializeResourceManager(
  [in]           DWORD                            Flags,
  [in, optional] PFN_AUTHZ_DYNAMIC_ACCESS_CHECK   pfnDynamicAccessCheck,
  [in, optional] PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups,
  [in, optional] PFN_AUTHZ_FREE_DYNAMIC_GROUPS    pfnFreeDynamicGroups,
  [in]           PCWSTR                           szResourceManagerName,
  [out]          PAUTHZ_RESOURCE_MANAGER_HANDLE   phAuthzResourceManager
);

Parameters

[in] Flags

A DWORD value that defines how the resource manager is initialized. This parameter can contain the following values.

Value Meaning
0
 Default call to the function. The resource manager is initialized as the principal identified in the process token, and auditing is in effect. Note that unless the AUTHZ_RM_FLAG_NO_AUDIT flag is set, SeAuditPrivilege must be enabled for the function to succeed.
AUTHZ_RM_FLAG_NO_AUDIT
 Auditing is not in effect. If this flag is set, the caller does not need to have SeAuditPrivilege enabled to call this function.
AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION
 The resource manager is initialized as the identity of the thread token.
AUTHZ_RM_FLAG_NO_CENTRAL_ACCESS_POLICIES
 The resource manager ignores CAP IDs and does not evaluate centralized access policies.
 

AUTHZ_RM_FLAG_NO_AUDIT and AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION can be bitwise-combined.

[in, optional] pfnDynamicAccessCheck

A pointer to the AuthzAccessCheckCallback callback function that the resource manager calls each time it encounters a callback access control entry (ACE) during access control list (ACL) evaluation in AuthzAccessCheck or AuthzCachedAccessCheck. This parameter can be NULL if no access check callback function is used.

[in, optional] pfnComputeDynamicGroups

A pointer to the AuthzComputeGroupsCallback callback function called by the resource manager during initialization of an AuthzClientContext handle. This parameter can be NULL if no callback function is used to compute dynamic groups.

[in, optional] pfnFreeDynamicGroups

A pointer to the AuthzFreeGroupsCallback callback function called by the resource manager to free security identifier (SID) attribute arrays allocated by the compute dynamic groups callback. This parameter can be NULL if no callback function is used to compute dynamic groups.

[in] szResourceManagerName

A string that identifies the resource manager. This parameter can be NULL if the resource manager does not need a name.

[out] phAuthzResourceManager

A pointer to the returned resource manager handle. When you have finished using the handle, free it by calling the AuthzFreeResourceManager function.

Return value

If the function succeeds, the function returns a nonzero value.

If the function fails, it returns a zero value. To get extended error information, call GetLastError.

Requirements

Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header authz.h
Library Authz.lib
DLL Authz.dll
Redistributable Windows Server 2003 Administration Tools Pack on Windows XP

See also

AuthzAccessCheck

AuthzCachedAccessCheck

AuthzFreeResourceManager

Basic Access Control Functions