IADsAccessControlList
The IADsAccessControlList interface is designed to manage individual access-control entries (ACEs).
Inheritance: IEnumerable
Methods
-
Method
-
Description
-
AddAce()
-
Adds an IADsAccessControlEntry object to the access control list.
-
CopyAccessList()
-
Copies every access control entry in the access-control list (ACL) to another ACL.
-
GetEnumerator()
-
Gets an enumerator object for this access-control list.
-
RemoveAce()
-
Removes an access-control entry from the access-control list.
Properties
-
Property
-
Description
-
AceCount
-
Gets or sets the number of access control entries in the access-control list.
-
AclRevision
-
Gets or sets the access-control list revision number. All access-control entries in an ACL must be at the same revision level.
Details
AddAce()
Adds an IADsAccessControlEntry object to the IADsAccessControlList object.
void AddAce(object accessControlEntry)
Parameters
- accessControlEntry – the IADsAccessControlEntry object to add. This parameter cannot be
null.
Remarks
Access control entries must appear in a security descriptor's access control list in the following order:
- Access-denied ACEs that apply to the object itself.
- Access-denied ACEs that apply to a child of the object, such as a property set or property.
- Access-allowed ACEs that apply to the object itself.
- Access-allowed ACEs that apply to a child of the object, such as a property set or property.
- All inherited ACEs.
CopyAccessList()
Copies every access control entry (ACE) in the access-control list (ACL) to another ACL.
object CopyAccessList()
GetEnumerator()
Returns an enumerator object for this access-control list. The enumerator object implements the IEnumerator interface that can be used to enumerate access-control entries in foreach loops.
IEnumerator GetEnumerator()
RemoveAce()
Removes an access-control entry from the access-control list.
void RemoveAce(object accessControlEntry)
Parameters
- accessControlEntry – the access-control entry to remove from the access-control list.
AceCount
Gets or sets the number of access control entries in the access-control list.
- Type:
- int
- Access:
- Read/Write
AclRevision
Gets or sets the access-control list (ACL) revision number. All access control entries in an access-control list must be at the same revision level.
- Type:
- int
- Access:
- Read/Write
Remarks
Before you can work with access control entry (ACE), first obtain the ACL to which it belongs. ACLs are managed by security descriptors and can be of either discretionary ACL or system ACL type. For more information, see IADsSecurityDescriptor.
You can retrieve and enumerate ACEs, add new entries to the list, or remove existing entries using the properties and methods of the IADsAccessControlList interface.
To manage access controls:
- Get the security descriptor of the object that implements the IADsSecurityDescriptor interface.
- Get the ACL from the security descriptor.
- Work with the ACE, or ACEs, of the object in the ACL.
To make any new or modified ACEs persistent:
- Add the ACE to the ACL.
- Assign the ACL to the security descriptor.
- Commit the security descriptor to the directory.
Requirements
Minimum required version: 2009.1