Partager via


IAccessControl:IUnknown

This interface manages access to objects and properties.

When to Implement

Distributed COM provides an implementation of the IAccessControl interface. COM servers can use this implementation to protect their objects from unauthorized access in a manner that is supported by Microsoft® Windows® 95, Microsoft Windows 98, Microsoft Windows NT®, and Microsoft Windows 2000. To get a pointer to this implementation, call the CoCreateInstance function, specifying CLSID_DCOMAccessControl as the CLSID. This implementation supports the IPersist interface to save the state of the access control object.

The implementation of IAccessControl provided by COM calls built-in access control functions such as OpenThreadToken and AccessCheck. If you decide to implement IAccessControl yourself, you can also call these access control functions. However, because IAccessControl methods take access information in a different format than the built-in access control functions do, your implementation must be able to convert from one format to the other as necessary.

Note   If you decide to implement IAccessControl and pass your implementation to the CoInitializeSecurity function, you must ensure that it is completely thread-safe, because COM can call it on any thread, at any time.

In addition to the COM implementation of IAccessControl, another implementation is supplied for storage and Directory Service objects.

When to Use

Call methods of the IAccessControl interface to manage access to objects and properties and to obtain access information. This interface primarily sets process security with a call to CoInitializeSecurity, specifying capability flag EOAC_ACCESS_CONTROL and providing a pointer to an instance of IAccessControl as the first (pVoid) parameter. Then, COM calls IAccessControl methods to determine access rights.

IAccessControl should only be used to manage access rights. To manage launch permissions, use DCOMCNFG or set the LaunchPermission named value under the APPID registry key.

COM formats all character strings as Unicode. You must convert all ANSI strings to Unicode before passing them to methods of an implementation of IAccessControl.

Methods

The following table shows the methods for this interface in the order that the compiler calls the methods. Like all COM interfaces, this interface inherits the methods for the IUnknown interface.

IUnknown method Description
QueryInterface Returns pointers to supported interfaces.
AddRef Increments reference count.
Release Decrements reference count.
IAccessControl method Description
GrantAccessRights Merges the new ACTRL_ACCESS list with the existing access rights on the object.
SetAccessRights Replaces existing access rights with the specified list.
SetOwner Sets an item's owner or group.
RevokeAccessRights Removes explicit entries for the list of trustees.
GetAllAccessRights Gets the entire list of access rights and/or the owner and group for the object.
IsAccessAllowed Determines whether the trustee has access to the object/property.

Remarks

To determine whether the platform supports this interface, see Determining Supported COM APIs.

Requirements

OS Versions: Windows CE 3.0 and later.
Header: IAccess.h.
Link Library: Ole32.lib, Uuid.lib.

See Also

CoCreateInstance | CoInitializeSecurity | IPersist

Last updated on Wednesday, April 13, 2005

© 2005 Microsoft Corporation. All rights reserved.