IAccessControl::IsAccessAllowed
This method determines whether the given trustee has access rights to the object or property.
HRESULT IsAccessAllowed(
PTRUSTEEW pTrustee,
LPWSTR lpProperty,
ACCESS_RIGHTS AccessRights,
BOOL* pfAccessAllowed
);
Parameters
- pTrustee
[in] Pointer to the trustee. - lpProperty
[in] Name of the property. If you are using the COM implementation of the IAccessControl interface, this parameter must be NULL. - AccessRights
[in] Access rights on the object. ACCESS_RIGHTS is defined as a ULONG. If you are using the COM implementation of IAccessControl, this value must be either zero or 1 (COM_RIGHTS_EXECUTE). - pfAccessAllowed
[out] Pointer to a BOOL variable that is set to TRUE if access is allowed; otherwise, it is set to FALSE.
Return Values
None.
Remarks
In the system-supplied implementation of IAccessControl (CLSID_DCOMAccessControl), IsAccessAllowed can be called only during a distributed COM call, and the only valid trustee name is the name of the client.
The following table lists the object-specific access permissions used with the Directory Service and storage implementation of IAccessControl.
| Access permission | Object-type | Description |
|---|---|---|
| ACTRL_DS_OPEN | Ds | Open of a DS object |
| ACTRL_DS_CREATE_CHILD | Ds | Creation of a child object |
| ACTRL_DS_DELETE_CHILD | Ds | Deletion of a child object |
| ACTRL_DS_LIST | Ds | Enumerate an object |
| ACTRL_DS_SELF | Ds | Member list updates involving the trustee |
| ACTRL_DS_READ_PROP | Ds | Read properties |
| ACTRL_DS_WRITE_PROP | Ds | Write properties |
| ACTRL_FILE-READ | File | Read from a file |
| ACTRL_FILE_WRITE | File | Write to a file |
| ACTRL_FILE_APPEND | File | Append to a file |
| ACTRL_FILE_READ_PROP | File | Read file properties / Extended attributes |
| ACTRL_FILE_WRITE_PROP | File | Write file properties / Extended attributes |
| ACTRL_FILE_EXECUTE | File | Execute the file |
| ACTRL_FILE_READ_ATTRIB | File | Read the file attributes |
| ACTRL_FILE_WRITE_ATTRIB | File | Write the file attributes |
| ACTRL_DIR_LIST | Directory | List the contents of a directory |
| ACTRL_DIR_CREATE_OBJECT | Directory | Create a child object (file) in a directory |
| ACTRL_DIR_CREATE_CHILD | Directory | Create a subdirectory |
| ACTRL_DIR_DELETE_CHILD | Directory | Delete a subdirectory |
| ACTRL_DIR_TRAVERSE | Directory | Traverse through the directory |
| ACTRL_KERNEL_KILL | Kernel | Terminate a kernel item (process / thread) |
| ACTRL_KERNEL_THREAD | Kernel | Allow for the creation of a thread |
| ACTRL_KERNEL_VM | Kernel | Allow for address space operations |
| ACTRL_KERNEL_VM_READ | Kernel | Read memory |
| ACTRL_KERNEL_VM_WRITE | Kernel | Write memory |
| ACTRL_KERNEL_DUP_HANDLE | Kernel | Duplicate a handle |
| ACTRL_KERNEL_PROCESS | Kernel | Create a process |
| ACTRL_KERNEL_SET_INFO | Kernel | Get kernel object information/state |
| ACTRL_KERNEL_GET_INFO | Kernel | Set kernel object information/state |
| ACTRL_KERNEL_CONTROL | Kernel | Allow for the control of a kernel object (such as suspending a thread) |
| ACTRL_KERNEL_ALERT | Kernel | Set kernel alert |
| ACTRL_KERNEL_GET_CONTEXT | Kernel | Get the threads context |
| ACTRL_KERNEL_SET_CONTEXT | Kernel | Set the threads context |
| ACTRL_KERNEL_TOKEN | Kernel | Set the threads token |
| ACTRL_KERNEL_IMPERSONATE | Kernel | Client impersonation |
| ACTRL_KERNEL_DIMPERSONATE | Kernel | Direct client impersonation |
| ACTRL_PRINT_SADMIN | Printer | Print server administration |
| ACTRL_PRINT_SLIST | Printer | Print server enumeration |
| ACTRL_PRINT_PADMIN | Printer | Printer administration |
| ACTRL_PRINT_PUSE | Printer | Can the printer be used |
| ACTRL_PRINT_JADMIN | Printer | Print job administration |
| ACTRL_SVC_GET_INFO | Service | Get the info on a service |
| ACTRL_SVC_SET_INFO | Service | Set the info on a service |
| ACTRL_SVC_STATUS | Service | Get the status of a service |
| ACTRL_SVC_LIST | Service | Enumerate the services |
| ACTRL_SVC_START | Service | Start a service |
| ACTRL_SVC_STOP | Service | Stop a service |
| ACTRL_SVC_PAUSE | Service | Pause a service |
| ACTRL_SVC_INTERROGATE | Service | Query the service for the current status |
| ACTRL_SVC_UCONTROL | Service | User-defined control |
| ACTRL_REG_QUERY | Registry | Read a registry subkey |
| ACTRL_REG_SET | Registry | Write a registry subkey |
| ACTRL_REG_CREATE_CHILD | Registry | Create a registry subkey |
| ACTRL_REG_LIST | Registry | Enumerate a registry subkey |
| ACTRL_REG_NOTIFY | Registry | Create a registry notification |
| ACTRL_REG_LINK | Registry | Create a symbolic link |
| ACTRL_WIN_CLIPBRD | Window | Allow access to the clipboard |
| ACTRL_WIN_GLOBAL_ATOMS | Window | Allow global-atom access |
| ACTRL_WIN_CREATE | Window | Create desktop access |
| ACTRL_WIN_LIST_DESK | Window | Enumerate the desktops |
| ACTRL_WIN_LIST | Window | Enumerate the window station |
| ACTRL_WIN_READ_ATTRIBS | Window | Read the attributes |
| ACTRL_WIN_WRITE_ATTRIBS | Window | Write the attributes |
| ACTRL_WIN_SCREEN | Window | Allow access to the screen |
| ACTRL_WIN_EXIT | Window | Call ExitWindows* functions |
To determine whether the platform supports this interface, see Determining Supported COM APIs.
Requirements
OS Versions: Windows CE 3.0 and later.
Header: IAccess.h.
Link Library: Ole32.lib, Uuid.lib.
Last updated on Wednesday, April 13, 2005
© 2005 Microsoft Corporation. All rights reserved.