Location: Symbol Reference > Classes > TJwAuthContext Class > TJwAuthContext Methods > TJwAuthContext.AccessCheckCached Method
JWSCL Documentation
TJwAuthContext.AccessCheckCached Method
procedure AccessCheckCached(const AccessCheckHandle: TAuthZAccessCheckResultHandle; Flags: Cardinal; const Request: TJwAuthZAccessRequest; const AuditInfo: TAuthZAuditInfoHandle; out Reply: TJwAuthZAccessReply);
const AccessCheckHandle: TAuthZAccessCheckResultHandle 
receives an handle that was previously retrieved by a call to AccessCheck. The handle must be freed by the WinAPI call AuthzFreeHandle .  
Flags: Cardinal 
from http://msdn2.microsoft.com/en-us/library/aa375788.aspx A DWORD value that specifies how the security descriptor is copied. This parameter can be one of the following values.
  • Value Meaning
  • 0 If pAuthzHandle is not NULL, a deep copy of the security descriptor is copied to the handle referenced by pAuthzHandle.
  • AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD 1 A deep copy of the security descriptor is not performed. The caller can use the handle for AccessCheckCached .

The AccessCheck function sets this handle to a security descriptor that must remain valid during subsequent calls to AccessCheckCached.
const Request: TJwAuthZAccessRequest 
receives a class that contains information about the access check procedure. This instance is automatically freed if no exception was raised and Request.Shared is shOwned.
const AuditInfo: TAuthZAuditInfoHandle 
Receives audit information handle. If this handle is zero the static audit information is read from resource manager  
out Reply: TJwAuthZAccessReply 
receives the results of the access check 

AccessCheckCached does a cached access check of an authentication context. The context contains Sids, restricted sids, several security descriptors, auditing information and the user herself. 


A cached access check is really a bit comparison of the desired access with the granted access. Thus this function is only useful if access checks are done several times using the same user (SID), e.g. a repeating access check using different desired access masks for different function calls. An access check for different users must be done by using method AccessCheck.

if a call to AuthzAccessCheck failed. 
will be raised if parameter Request, SecurityDescriptor or Request.PrincipalSelfSid is nil 
Copyright (c) 2010. All rights reserved.
This help was created by Doc-O-Matic sponsored by toolsfactory software inc.
What do you think about this topic? Send feedback!