IADsSecurityDescriptor Property Methods
The property methods of the IADsSecurityDescriptor interface get or set the properties described in the following table. For more information, see Interface Property Methods.
Properties
-
Control
-
-
Access type: Read/write
-
Scripting data type: LONG
-
// C++ method syntax HRESULT get_Control( [out] LONG* plControl ); HRESULT put_Control( [in] LONG lControl );
Flags that qualify the meaning of the security descriptor. Values are taken from the Win32 SECURITY_DESCRIPTOR_CONTROL structure.
-
-
DaclDefaulted
-
-
Access type: Read/write
-
Scripting data type: VARIANT_BOOL
-
// C++ method syntax HRESULT get_DaclDefaulted( [out] VARIANT_BOOL* fDaclDefaulted ); HRESULT put_DaclDefaulted( [in] VARIANT_BOOL fDaclDefaulted );
A flag of the BOOL type that indicates if the DACL is derived from a default mechanism, rather than being provided explicitly by the original provider of the security descriptor. For example, if an object's creator does not specify a DACL, the object receives the default DACL from the creator's access token. This flag can affect how the system treats the DACL, with respect to ACE inheritance. The system ignores this flag if the SE_DACL_PRESENT flag is not set.
-
-
DiscretionaryAcl
-
-
Access type: Read/write
-
Scripting data type: IDispatch
-
// C++ method syntax HRESULT get_DiscretionaryAcl( [out] IDispatch** ppIDispDACL ); HRESULT put_DiscretionaryAcl( [in] IDispatch* pIDispDACL );
Discretionary access-control list (DACL) that specifies the types of access granted to the object for specified users and groups. For more information about DACLs, see Null DACLs and Empty DACLs.
-
-
Group
-
-
Access type: Read/write
-
Scripting data type: BSTR
-
// C++ method syntax HRESULT get_Group( [out] BSTR* pbstrGroupl ); HRESULT put_Group( [in] BSTR bstrGroup );
Group to which the owner's security ID belongs.
-
-
GroupDefaulted
-
-
Access type: Read/write
-
Scripting data type: VARIANT_BOOL
-
// C++ method syntax HRESULT get_GroupDefaultedY( [out] VARIANT_BOOL* fGroupDefaulted ); HRESULT put_GroupDefaulted( [in] VARIANT_BOOL fGroupDefaulted );
A flag of the BOOL type that indicates if the group data is derived from a default mechanism, rather than being explicitly provided by the original provider of the security descriptor.
-
-
Owner
-
-
Access type: Read/write
-
Scripting data type: BSTR
-
// C++ method syntax HRESULT get_Owner( [out] BSTR* pbstrOwnerl ); HRESULT put_Owner( [in] BSTR bstrOwner );
Object owner.
-
-
OwnerDefaulted
-
-
Access type: Read/write
-
Scripting data type: VARIANT_BOOL
-
// C++ method syntax HRESULT get_OwnerDefaulted( [out] VARIANT_BOOL* fOwnerDefaulted ); HRESULT put_OwnerDefaulted( [in] VARIANT_BOOL fOwnerDefaulted );
A flag of the BOOL type that indicates that the owner data is derived from a default mechanism, rather than being explicitly provided by the original provider of the security descriptor.
-
-
Revision
-
-
Access type: Read/write
-
Scripting data type: LONG
-
// C++ method syntax HRESULT get_Revision( [out] LONG* plRevision ); HRESULT put_Revision( [in] LONG lRevision );
Revision level of the security descriptor. This value is taken from the Win32 ACL_REVISION_INFORMATION structure. All ACEs in an ACL must be at the same revision level.
-
-
SaclDefaulted
-
-
Access type: Read/write
-
Scripting data type: VARIANT_BOOL
-
// C++ method syntax HRESULT get_SaclDefaulted( [out] VARIANT_BOOL* fSaclDefaulted ); HRESULT put_SaclDefaulted( [in] VARIANT_BOOL fSaclDefaulted );
A flag of the BOOL type that indicates that the SACL is derived from a default mechanism, rather than being explicitly provided by the original provider of the security descriptor. This flag can affect how the system handles the SACL, with respect to ACE inheritance. The system ignores this flag if the SE_SACL_PRESENT flag is not set.
-
-
SystemAcl
-
-
Access type: Read/write
-
Scripting data type: IDispatch
-
// C++ method syntax HRESULT get_SystemAcl( [out] IDispatch** ppIDispSACL ); HRESULT put_SystemAcl( [in] IDispatch* pIDispSACL );
System access-control list used to generate audit records for the object.
-
Examples
The following code example shows how to enumerate an existing security descriptor.
Dim ou As IADs
Dim sd As IADsSecurityDescriptor
Dim dacl As IADsAccessControlList
Dim sacl As IADsAccessControlList
On Error GoTo Cleanup
Set ou = GetObject("LDAP://OU=Sales,DC=Fabrikam,DC=com")
Set sd = ou.Get("ntSecurityDescriptor")
Debug.Print sd.Owner
Debug.Print sd.Group
Debug.Print sd.Owner
Debug.Print sd.Revision
Set dacl = sd.DiscretionaryAcl
Set sacl = sd.SystemAcl
' Add code to perform an operation with the Discretionary and System ACLs.
Cleanup:
If (Err.Number<>0) Then
MsgBox("An error has occurred. " & Err.Number)
End If
Set ou = Nothing
Set sd = Nothing
Set dacl = Nothing
Set sacl = Nothing
Requirements
Requirement | Value |
---|---|
Minimum supported client |
Windows Vista |
Minimum supported server |
Windows Server 2008 |
Header |
|
DLL |
|
IID |
IID_IADsSecurityDescriptor is defined as B8C787CA-9BDD-11D0-852C-00C04FD8D503 |