IAccessControl::IsAccessAllowed
A version of this page is also available for
4/8/2010
This method determines whether the given trustee has access rights to the object or property.
Syntax
HRESULT IsAccessAllowed(
PTRUSTEEW pTrustee,
LPWSTR lpProperty,
ACCESS_RIGHTS AccessRights,
BOOL* pfAccessAllowed
);
Parameters
- pTrustee
[in] Pointer to the trustee.
- lpProperty
[in] Name of the property. If you are using the COM implementation of the IAccessControl interface, this parameter must be NULL.
- AccessRights
[in] Access rights on the object. ACCESS_RIGHTS is defined as a ULONG. If you are using the COM implementation of IAccessControl, this value must be either zero or 1 (COM_RIGHTS_EXECUTE).
- pfAccessAllowed
[out] Pointer to a BOOL variable that is set to TRUE if access is allowed; otherwise, it is set to FALSE.
Return Value
None.
Remarks
In the system-supplied implementation of IAccessControl (CLSID_DCOMAccessControl), IsAccessAllowed can be called only during a distributed COM call, and the only valid trustee name is the name of the client.
The following table lists the object-specific access permissions used with the Directory Service and storage implementation of IAccessControl.
| Access permission | Object type | Description |
|---|---|---|
ACTRL_DS_OPEN |
Ds |
Open of a DS object. |
ACTRL_DS_CREATE_CHILD |
Ds |
Creation of a child object. |
ACTRL_DS_DELETE_CHILD |
Ds |
Deletion of a child object. |
ACTRL_DS_LIST |
Ds |
Enumerate an object. |
ACTRL_DS_SELF |
Ds |
Member list updates involving the trustee. |
ACTRL_DS_READ_PROP |
Ds |
Read properties. |
ACTRL_DS_WRITE_PROP |
Ds |
Write properties. |
ACTRL_FILE-READ |
File |
Read from a file. |
ACTRL_FILE_WRITE |
File |
Write to a file. |
ACTRL_FILE_APPEND |
File |
Append to a file. |
ACTRL_FILE_READ_PROP |
File |
Read file properties or extended attributes. |
ACTRL_FILE_WRITE_PROP |
File |
Write file properties or extended attributes. |
ACTRL_FILE_EXECUTE |
File |
Execute the file. |
ACTRL_FILE_READ_ATTRIB |
File |
Read the file attributes. |
ACTRL_FILE_WRITE_ATTRIB |
File |
Write the file attributes. |
ACTRL_DIR_LIST |
Directory |
List the contents of a directory. |
ACTRL_DIR_CREATE_OBJECT |
Directory |
Create a child object (file) in a directory. |
ACTRL_DIR_CREATE_CHILD |
Directory |
Create a subdirectory. |
ACTRL_DIR_DELETE_CHILD |
Directory |
Delete a subdirectory. |
ACTRL_DIR_TRAVERSE |
Directory |
Traverse through the directory. |
ACTRL_KERNEL_KILL |
Kernel |
Terminate a kernel item (process or thread). |
ACTRL_KERNEL_THREAD |
Kernel |
Allow for the creation of a thread. |
ACTRL_KERNEL_VM |
Kernel |
Allow for address space operations. |
ACTRL_KERNEL_VM_READ |
Kernel |
Read memory. |
ACTRL_KERNEL_VM_WRITE |
Kernel |
Write memory. |
ACTRL_KERNEL_DUP_HANDLE |
Kernel |
Duplicate a handle. |
ACTRL_KERNEL_PROCESS |
Kernel |
Create a process. |
ACTRL_KERNEL_SET_INFO |
Kernel |
Get kernel object information/state. |
ACTRL_KERNEL_GET_INFO |
Kernel |
Set kernel object information/state. |
ACTRL_KERNEL_CONTROL |
Kernel |
Allow for the control of a kernel object (such as suspending a thread). |
ACTRL_KERNEL_ALERT |
Kernel |
Set kernel alert. |
ACTRL_KERNEL_GET_CONTEXT |
Kernel |
Get the threads context. |
ACTRL_KERNEL_SET_CONTEXT |
Kernel |
Set the threads context. |
ACTRL_KERNEL_TOKEN |
Kernel |
Set the threads token. |
ACTRL_KERNEL_IMPERSONATE |
Kernel |
Client impersonation. |
ACTRL_KERNEL_DIMPERSONATE |
Kernel |
Direct client impersonation. |
ACTRL_PRINT_SADMIN |
Printer |
Print server administration. |
ACTRL_PRINT_SLIST |
Printer |
Print server enumeration. |
ACTRL_PRINT_PADMIN |
Printer |
Printer administration. |
ACTRL_PRINT_PUSE |
Printer |
Can the printer be used. |
ACTRL_PRINT_JADMIN |
Printer |
Print job administration. |
ACTRL_SVC_GET_INFO |
Service |
Get the info on a service. |
ACTRL_SVC_SET_INFO |
Service |
Set the info on a service. |
ACTRL_SVC_STATUS |
Service |
Get the status of a service. |
ACTRL_SVC_LIST |
Service |
Enumerate the services. |
ACTRL_SVC_START |
Service |
Start a service. |
ACTRL_SVC_STOP |
Service |
Stop a service. |
ACTRL_SVC_PAUSE |
Service |
Pause a service. |
ACTRL_SVC_INTERROGATE |
Service |
Query the service for current status. |
ACTRL_SVC_UCONTROL |
Service |
User-defined control. |
ACTRL_REG_QUERY |
Registry |
Read a registry subkey. |
ACTRL_REG_SET |
Registry |
Write a registry subkey. |
ACTRL_REG_CREATE_CHILD |
Registry |
Create a registry subkey. |
ACTRL_REG_LIST |
Registry |
Enumerate a registry subkey. |
ACTRL_REG_NOTIFY |
Registry |
Create a registry notification. |
ACTRL_REG_LINK |
Registry |
Create a symbolic link. |
ACTRL_WIN_CLIPBRD |
Window |
Allow access to the clipboard. |
ACTRL_WIN_GLOBAL_ATOMS |
Window |
Allow global-atom access. |
ACTRL_WIN_CREATE |
Window |
Create desktop access. |
ACTRL_WIN_LIST_DESK |
Window |
Enumerate the desktops. |
ACTRL_WIN_LIST |
Window |
Enumerate the window station. |
ACTRL_WIN_READ_ATTRIBS |
Window |
Read the attributes. |
ACTRL_WIN_WRITE_ATTRIBS |
Window |
Write the attributes. |
ACTRL_WIN_SCREEN |
Window |
Allow access to the screen. |
ACTRL_WIN_EXIT |
Window |
Call ExitWindows* functions. |
To determine whether the platform supports this interface, see Determining Supported COM APIs.
Requirements
| Header | iaccess.h |
| Library | ole32.lib, uuid.lib |
| Windows Embedded CE | Windows CE 3.0 and later |
| Windows Mobile | Windows Mobile Version 5.0 and later |