IADsAccessControlEntry

The IADsAccessControlEntry interface enables you to access and manipulate individual access-control entries (ACEs). An ACE stipulates who can access the object and what type of access is granted.

An object can have several ACEs, one for each client or a group of clients. ACEs are maintained in an access-control list (ACL) which implements the IADsAccessControlList interface.

Some of the IADsAccessControlEntry property values, such as AccessMask and AceFlags, will be different for different object types. For example, an Active Directory object will use the ADS_RIGHT_GENERIC_READ constant of the ADS_RIGHTS_ENUM enumeration for the AccessMask property, but the equivalent access right for a file object is FILE_GENERIC_READ. It is not safe to assume that all property values will be the same for Active Directory objects and non-Active Directory objects.

Inheritance: IDispatch

Properties

  • Property

  • Description

  • AccessMask

  • Gets or sets a set of flags that specify access privileges for the object.

  • AceFlags

  • Gets or sets a set of flags that specify whether other containers or objects can inherit the ACE.

  • AceType

  • Gets or sets the type of the ACE.

  • Flags

  • Gets or sets a flag that indicates whether the ACE has an object type or inherited object type.

  • InheritedObjectType

  • Gets or sets a flag that indicates the type of a child object of a directory object.

  • ObjectType

  • Gets or sets a flag that indicates the directory object type.

  • Trustee

  • Gets or sets the name of the account that the ACE applies to.

Details

AccessMask

Gets or sets a set of flags that specify access rights for the object.

AceFlags

Gets or sets a set of flags that specify whether other containers or objects can inherit the ACE.

AceType

Gets or sets the type of the ACE.

Flags

Gets or sets a flag that indicates whether the ACE has an object type or inherited object type.

InheritedObjectType

Gets or sets a flag that indicates the type of a child object of a directory object. Its value is a GUID to an object in the string format. When such a GUID is set, the ACE applies only to the object referred to by the GUID.

  • Type:
  • string
  • Access:
  • Read/Write

ObjectType

Gets or sets a flag that indicates the directory object type. The value can either be a GUID of a property, or the GUID of an object type in the string format.

  • Type:
  • string
  • Access:
  • Read/Write

Remarks

  • The GUID refers to a property when ADS_RIGHT_DS_READ_PROP and ADS_RIGHT_DS_WRITE_PROP access masks are used.
  • The GUID refers to an object type when ADS_RIGHT_DS_CREATE_CHILD and ADS_RIGHT_DS_DELETE_CHILD access masks are used.

Trustee

Gets or sets the name of the account that the ACE applies to.

  • Type:
  • string
  • Access:
  • Read/Write

Requirements

Minimum required version: 2009.1

See also

© Softerra 2022. All rights reserved.
Send feedback