IADsSecurityDescriptor

The IADsSecurityDescriptor interface represents an ADSI security descriptor.

Inheritance: IDispatch

Methods

Properties

  • Property

  • Description

  • Control

  • Gets or sets flags that qualify the meaning of the security descriptor.

  • DaclDefaulted

  • Gets or sets a value that indicates if the discretionary access-control list (DACL) is derived from a default mechanism, rather than being provided explicitly by the original provider of the security descriptor.

  • DiscretionaryAcl

  • Gets or sets the discretionary access-control list (DACL) associated with the security descriptor.

  • Group

  • Gets or sets the group that owns the object associated with the security descriptor.

  • GroupDefaulted

  • Gets or sets a value that indicates if the group data is derived from a default mechanism, rather than being explicitly provided by the original provider of the security descriptor.

  • Owner

  • Gets or sets the owner of the object associated with the security descriptor.

  • OwnerDefaulted

  • Gets or sets a value that indicates that the owner data is derived from a default mechanism, rather than being explicitly provided by the original provider of the security descriptor.

  • Revision

  • Gets or sets the revision level of the security descriptor.

  • SaclDefaulted

  • Gets or sets a value that indicates that the system ACL (SACL) is derived from a default mechanism, rather than being explicitly provided by the original provider of the security descriptor.

  • SystemAcl

  • Gets or sets the system ACL associated with the security descriptor.

Details

CopySecurityDescriptor()

Copies an ADSI security descriptor object that holds security data about an object.

object CopySecurityDescriptor()

Control

Gets or sets flags that qualify the meaning of the security descriptor. For a list of possible values, see SECURITY_DESCRIPTOR_CONTROL.

  • Type:
  • int
  • Access:
  • Read/Write

DaclDefaulted

Gets or sets a value that indicates if the discretionary access-control list (DACL) is derived from a default mechanism, rather than being provided explicitly by the original provider of the security descriptor.

  • Type:
  • bool
  • Access:
  • Read/Write

Remarks

For example, if an object's creator does not specify a discretionary access-control list (DACL), the object receives the default DACL from the creator's access token. This flag can affect how the system treats the DACL, with respect to ACE inheritance. The system ignores this flag, if the SE_DACL_PRESENT flag is not set.


DiscretionaryAcl

Gets or sets the discretionary access-control list (DACL) associated with the security descriptor. The DACL specifies types of access granted to the object for the specified users and groups.

  • Type:
  • Object
  • Access:
  • Read/Write

Group

Gets or sets the group that owns the object associated with the security descriptor.

  • Type:
  • string
  • Access:
  • Read/Write

GroupDefaulted

Gets or sets a value that indicates if the group data is derived from a default mechanism, rather than being explicitly provided by the original provider of the security descriptor.

  • Type:
  • bool
  • Access:
  • Read/Write

Owner

Gets or sets the owner of the object associated with the security descriptor.

  • Type:
  • string
  • Access:
  • Read/Write

OwnerDefaulted

Gets or sets a value that indicates that the owner data is derived from a default mechanism, rather than being explicitly provided by the original provider of the security descriptor.

  • Type:
  • bool
  • Access:
  • Read/Write

Revision

Gets or sets the revision level of the security descriptor.

  • Type:
  • int
  • Access:
  • Read/Write

Remarks

For a list of possible values, see ACL_REVISION_INFORMATION. All ACEs in an ACL must be at the same revision level.


SaclDefaulted

Gets or sets a value that indicates that the system ACL (SACL) is derived from a default mechanism, rather than being explicitly provided by the original provider of the security descriptor. This flag can affect how the system handles the SACL, with respect to ACE inheritance. The system ignores this flag, if the SE_SACL_PRESENT flag is not set.

  • Type:
  • bool
  • Access:
  • Read/Write

SystemAcl

Gets or sets the system ACL associated with the security descriptor.

  • Type:
  • Object
  • Access:
  • Read/Write

Remarks

Use this interface to examine and change the access controls to an Active Directory object. You can also use it to create copies of a security descriptor. To get this interface, use the IADs::Get method to obtain the ntSecurityDescriptor property of the object.

Often, it is not possible to modify all portions of the security descriptor. For example, if the current user has full control of an object, but is not an administrator and does not own the object, the user can modify the DACL, but cannot modify the owner. This will cause an error when the ntSecurityDescriptor is updated. To avoid this problem, the IADsObjectOptions interface can be used to specify the specific portions of the security descriptor that should be modified.

Requirements

Minimum required version: 2009.1

See also