IADsAccessControlList

The IADsAccessControlList interface is designed to manage individual access-control entries (ACEs).

Inheritance: IEnumerable

Methods

Properties

  • Property

  • Description

  • AceCount

  • Gets or sets the number of access control entries in the access-control list.

  • AclRevision

  • Gets or sets the ACL revision number. All ACEs in an ACL must be at the same revision level.

Details

AddAce()

Adds an IADsAccessControlEntry object to the IADsAccessControlList object.

void AddAce(object accessControlEntry)

Parameters

The accessControlEntry parameter specifies the IADsAccessControlEntry object to be added. This parameter cannot be null.

Remarks

Access control entries must appear in the following order in a security descriptor's access control list:

  • Access-denied ACEs that apply to the object itself
  • Access-denied ACEs that apply to a child of the object, such as a property set or property
  • Access-allowed ACEs that apply to the object itself
  • Access-allowed ACEs that apply to a child of the object, such as a property set or property
  • All inherited ACEs

CopyAccessList()

Copies every access control entry (ACE) in the access-control list (ACL) to another ACL.

object CopyAccessList()

GetEnumerator()

Returns an enumerator object for this ACL. The enumerator object implements the IEnumerator interface that can be used to enumerate ACEs in foreach loops.

IEnumerator GetEnumerator()

RemoveAce()

Removes an access-control entry (ACE) from the access-control list (ACL).

void RemoveAce(object accessControlEntry)

Parameters

The accessControlEntry parameter specifies the ACE to be removed from the ACL.


AceCount

Gets or sets the number of access control entries in the access-control list.

  • Type:
  • int
  • Access:
  • Read/Write

AclRevision

Gets or sets the ACL revision number. All ACEs in an ACL must be at the same revision level.

  • Type:
  • int
  • Access:
  • Read/Write

Remarks

Before you can work with an object ACE, first obtain the ACL to which they belong. ACLs are managed by security descriptors and can be of either discretionary ACL or system ACL type. For more information, see IADsSecurityDescriptor.

Using properties and methods of the IADsAccessControlList interface, you can retrieve and enumerate ACEs, add new entries to the list, or remove existing entries.

To manage access controls:

  • First, get the security descriptor of the object that implements the IADsSecurityDescriptor interface.
  • Second, get the ACL from the security descriptor.
  • Third, work with the ACE, or ACEs, of the object in the ACL.

To make any new or modified ACEs persistent:

  • First, add the ACE to the ACL.
  • Second, assign the ACL to the security descriptor.
  • Third, commit the security descriptor to the directory.

Requirements

Minimum required version: 2009.1

See also