|
JWSCL Documentation
|
   |
   |
class function AccessCheck(const SecurityDescriptor: TJwSecurityDescriptor; const ClientToken: TJwSecurityToken; const DesiredAccess: TJwAccessMask; const GenericMapping: TJwSecurityGenericMappingClass): Boolean; override; overload;
|
Parameters |
Description |
|
const SecurityDescriptor: TJwSecurityDescriptor |
Contains the security descriptor that is used to check for access. |
|
const ClientToken: TJwSecurityToken |
A token that is used to get the SID and privileges which are used to check against the security descriptor. The parameter can be nil to use the current thread or process token. In contrast to the original AccessCheck API function, this method automatically adjusts the token type to "impersonation" if the given token is a primary one. This prevents the error ERROR_NO_IMPERSONATION_TOKEN (1309). If ClientToken is not nil the method makes a copy of ClientToken and converts it to a thread token. If ClientToken is nil, it retrieves the current thread or primary token (if no thread token is available) and, in the latter case, converts it to a thread token. Furthermore this method does not impersonate any token and thus leaves an already existing thread token intact. |
|
const DesiredAccess: TJwAccessMask |
Defines the desired access to the object. New Although the MSDN AccessCheck forbids generic rights (like GENERIC_ALL) in this Parameter. The method AccessCheck will replace all generic rights with specific rights using the mapping defined by parameter GenericMapping. However the original SecurityDescriptor will remain the same. Warning Some generic access rights may overlap. This can lead to access denied. Example DACL contains a positive ACE with GENERIC_WRITE and a negative ACE with GENERIC_READ A call to AccessCheck with DesiredAccess set to GENERIC_WRITE and GenericMapping set to TJwSecurityFileMapping (using FileGenericMapping) will fail because GENERIC_WRITE and GENERIC_READ are resolve to FILE_GENERIC_WRITE and FILE_GENERIC_READ which both contain SYNCHRONIZE ($100000) and READ_CONTROL ($2000). |
|
const GenericMapping: TJwSecurityGenericMappingClass |
Receives a class type of the class TJwSecurityGenericMapping or one of her derived classes. If the generic class TJwSecurityGenericMapping is used, all generic access rights are mapped to standard access rights (STANDARD_RIGHTS_READ...STANDARD_RIGHTS_ALL). Use only access rights in parameter DesiredAccess that are mapped by the given TJwSecurityGenericMappingClass class; otherwise AccessChec will fail with EJwsclWinCallFailedException. E.g. TJwSecurityGenericMappingClass can be used with DesiredAccess set to STANDARD_RIGHTS_ALL. New All access entriey (ACEs) in the security descriptor DACL are scanned for GENERIC access rights (like GENERIC_ALL) and automatically converted to specific rights using parameter GenericMapping. However the original SecurityDescriptor will remain the same. This will not happen, if nil is supplied to this parameter. Make sure there are no generic rights in the ACL or DesiredAccess parameter. |
AccessCheck checks the access to a security descriptor of a secure object. See AccessCheck in MSDN for more information
|
Exceptions |
Description |
|
will be raised if parameter SecurityDescriptor is nil; | |
|
will be raised if the call to AccessCheck failed. | |
|
will be raised if the owner of the security descriptor is nil. Use JwNullSID to remove influence of owner to AccessCheck call. | |
|
will be raised if the group of the security descriptor is nil. Use JwNullSID to remove influence of group to AccessCheck call. TJwSecureGeneralObject |
|
Copyright (c) 2010. All rights reserved.
This help was created by Doc-O-Matic sponsored by toolsfactory software inc. |
|
What do you think about this topic? Send feedback!
|
