Location: Symbol Reference > Types > TJwOnAuthzComputeGroupsCallback Type
Collapse All
JWSCL Documentation
ContentsIndexHome
PreviousUpNext
TJwOnAuthzComputeGroupsCallback Type
JwsclAuthCtx  Types  Send Feedback
Pascal
TJwOnAuthzComputeGroupsCallback = procedure ( AuthzClientContext : TAuthZClientContextHandle; Args : Pointer; const SidAttrArray : TJwSecurityIdList; const RestrictedSidAttrArray : TJwSecurityIdList ) of object;
File
Parameters
Parameters 
Description 
AuthzClientContext 
contains the handle to the context  
Args 
is a used defined pointer that is supplied to one of the constructors of TJwAuthContext  
SidAttrArray 
defines a list of Sids to be used as additional group Sids. The instance is already created with no members. )  
Sids 
contains a list of Sids and its Attributes to be used as new groups in the security context. (like TokenGroups in a token). The list will initialized but empty and can be filled by the callee.
The attributes (AttributesType) must be set to SE_GROUP_ENABLED (sidaGroupOwner) or SE_GROUP_USE_FOR_DENY_ONLY (sidaGroupUseForDenyOnly); otherwise the call to a WinAPI function wil fail with INVALID_PARAMETERS (87).
Origin: http://msdn2.microsoft.com/en-us/library/aa375798.aspx
  • SE_GROUP_ENABLED - adds a group to the security context. It will be treated as if the User has entered a group.
  • SE_GROUP_USE_FOR_DENY_ONLY - adds a group to the security context, but this group is only used for deny check. All positive ACE for this group in a DACL are ignored. Only Deny ACEs are recognized and can turn off other positive ACEs of other groups.

 
RestrictedSids 
receives a list of Sids and its Attributes to be used as new deny only groups in the security context. (like TokenGroups in a token). The list will initialized but empty and can be filled by the callee.
The attributes (AttributesType) must be set to SE_GROUP_ENABLED (sidaGroupOwner) or SE_GROUP_USE_FOR_DENY_ONLY (sidaGroupUseForDenyOnly); otherwise the call to a WinAPI function wil fail with INVALID_PARAMETERS (87).
Origin: http://msdn2.microsoft.com/en-us/library/aa375798.aspx
  • SE_GROUP_ENABLED - (probably) the same as parameter SID and attribute SE_GROUP_USE_FOR_DENY_ONLY.
  • SE_GROUP_USE_FOR_DENY_ONLY - Results alway in Access Denied. However do not rely on me - maybe somebody with internal knowledge can comment it.
 
Description

TJwOnAuthzComputeGroupsCallback is called to add more groups to the authentication context. It is used in the creation of TJwAuthResourceManager

 

Exceptions
Exceptions 
Description 
EJwsclSecurityException 
The callee can raise any exception derived from EJwsclSecurityException. The LastError value will be used to indicate an error to the caller. The function Accesscheck will usually stop executing and return this error. 
Group
Links
Copyright (c) 2010. All rights reserved.
This help was created by Doc-O-Matic sponsored by toolsfactory software inc.
Contents | Index | Home
What do you think about this topic? Send feedback!