Location: Symbol Reference > Classes > TJwAuthContext Class > TJwAuthContext Methods > TJwAuthContext.AccessCheck Method
JWSCL Documentation
TJwAuthContext.AccessCheck Method
procedure AccessCheck(Flags: Cardinal; const Request: TJwAuthZAccessRequest; const AuditInfo: TAuthZAuditInfoHandle; const SecurityDescriptor: TJwSecurityDescriptor; const OptionalSecurityDescriptorArray: TJwSecurityDescriptorArray; const GenericMapping: TJwSecurityGenericMappingClass; out Reply: TJwAuthZAccessReply; AuthZHandle: PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE);
Flags: Cardinal 
from http://msdn2.microsoft.com/en-us/library/aa375788.aspx A DWORD value that specifies how the security descriptor is copied. This parameter can be one of the following values.

Value : Meaning
0 : If pAuthzHandle is not NULL, a deep copy of the security descriptor is copied to the handle referenced by pAuthzHandle.
AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD 1 : A deep copy of the security descriptor is not performed. The caller can use the handle for AccessCheckCached . The AccessCheck function sets this handle to a security descriptor that must remain valid during subsequent calls to AccessCheckCached.
const Request: TJwAuthZAccessRequest 
receives a class that contains information about the access check procedure. This instance is automatically freed if no exception was raised and Request.Shared is shOwned.
const AuditInfo: TAuthZAuditInfoHandle 
Receives audit information handle. If this handle is zero the static audit information is read from resource manager 
const SecurityDescriptor: TJwSecurityDescriptor 
defines the primary SD which is used to perfom access checking. The owner and group must not be nil; otherwise the call will fail 
const OptionalSecurityDescriptorArray: TJwSecurityDescriptorArray 
defines additional security descriptor which are used for the access check. They are simply added at the end of the primary security descriptor (logical order). The canonical ACE order is not enforced. Deny ACE in the optional security descriptors may be useless if a positive ACE could be found in the primary security descriptor.
out Reply: TJwAuthZAccessReply 
receives the results of the access check 
A pointer to a handle to the cached results of the access check. Set to nil if not used. Any created handle will be freed automatically when the instance is freed. 

AccessCheck does an access check of an authentication context. The context contains Sids, restricted sids, several security descriptors, auditing information and the user herself.

if a call to AuthzAccessCheck failed. 
will be raised if parameter Request, SecurityDescriptor or Request.PrincipalSelfSid is nil 
Copyright (c) 2010. All rights reserved.
This help was created by Doc-O-Matic sponsored by toolsfactory software inc.
What do you think about this topic? Send feedback!