Location: Symbol Reference > Classes > TJwAuthContext Class > TJwAuthContext.CreateAndAddSids Constructor
JWSCL Documentation
ContentsIndexHome
PreviousUpNext
TJwAuthContext.CreateAndAddSids Constructor
Pascal
constructor CreateAndAddSids(const AuthContext: TJwAuthContext; const Sids: TJwSecurityIdList; const RestrictedSids: TJwSecurityIdList);
Parameters 
Description 
const Sids: TJwSecurityIdList 
receives a list of Sids and its Attributes to be used as new groups in the security context. (like TokenGroups in a token).
The attributes (AttributesType) must be set to SE_GROUP_ENABLED (sidaGroupOwner) or SE_GROUP_USE_FOR_DENY_ONLY (sidaGroupUseForDenyOnly); otherwise the call to a WinAPI function wil fail with INVALID_PARAMETERS (87).
Origin: http://msdn2.microsoft.com/en-us/library/aa375798.aspx
  • SE_GROUP_ENABLED - adds a group to the security context. It will be treated as if the User has entered a group.
  • SE_GROUP_USE_FOR_DENY_ONLY - adds a group to the security context, but this group is only used for deny check. All positive ACE for this group in a DACL are ignored. Only Deny ACEs are recognized and can turn off other positive ACEs of other groups.

 
const RestrictedSids: TJwSecurityIdList 
receives a list of Sids and its Attributes to be used as new deny only groups in the security context. (like TokenGroups in a token).
The attributes (AttributesType) must be set to SE_GROUP_ENABLED (sidaGroupOwner) or SE_GROUP_USE_FOR_DENY_ONLY (sidaGroupUseForDenyOnly); otherwise the call to a WinAPI function wil fail with INVALID_PARAMETERS (87).
Origin: http://msdn2.microsoft.com/en-us/library/aa375798.aspx
  • SE_GROUP_ENABLED - (probably) the same as parameter SID and attribute SE_GROUP_USE_FOR_DENY_ONLY.
  • SE_GROUP_USE_FOR_DENY_ONLY - Results alway in Access Denied. However do not rely on me - maybe somebody with internal knowledge can comment it.
 
ResourceManager 
defines a resource manager instance. Must not be nil.  

CreateAndAddSids creates a new security context using an existing one. This function can also add additional positive and negative Sids to the context. 

 

Copyright (c) 2010. All rights reserved.
This help was created by Doc-O-Matic sponsored by toolsfactory software inc.
What do you think about this topic? Send feedback!