JWSCL Documentation
TJwSecurityToken.CreateRestrictedToken Constructor (TJwTokenHandle, TJwTokenAccessMask, cardinal, TJwSecurityIdList, TJwPrivilegeSet, TJwSecurityIdList)
Pascal
constructor CreateRestrictedToken(PrevTokenHandle: TJwTokenHandle; const TokenAccessMask: TJwTokenAccessMask; const Flags: cardinal; const SidsToDisable: TJwSecurityIdList; const PrivilegesToDelete: TJwPrivilegeSet; const RestrictedSids: TJwSecurityIdList); virtual; overload;
Parameters 
Description 
aTokenHandle 
contains the token handle to be restricted in a new token. If this parameter is 0, the thread token is used as the template; if no thread token exists, the process token is used.  
aTokenAccessMask 
contains the access mask of aTokenHandle. MAXIMUM_ALLOWED can be used to get the maximum access allowed.  
aFlags 
contains special flags:
  • DISABLE_MAX_PRIVILEGE 0x1 Disables all privileges in the new token. If this value is specified, the DeletePrivilegeCount and PrivilegesToDelete parameters are ignored, and the restricted token does not have the SeChangeNotifyPrivilege privilege.
  • SANDBOX_INERT 0x2 Stores this flag in the token. A token may be queried for existence of this flag using GetTokenInformation.
  • LUA_TOKEN 0x4 The new token is a LUA token.
  • WRITE_RESTRICTED 0x8 The new token contains restricting SIDs that are considered only when evaluating write access.

 
aSidsToDisable 
contains a list of SIDs that are disabled in the new token. Can be nil.  
aPrivilegesToDelete 
contains a list of privileges to be removed from the token. Can be nil.  
aRestrictedSids 
contains a list of SIDs to be restricted. Can be nil. 

CreateRestrictedToken creates a new restricted token from an existing token. See http://msdn2.microsoft.com/en-us/library/aa446583.aspx for more information. 

You must set aTokenAccessMask to the token access type of aTokenHandle. 

 

Exceptions 
Description 
will be raised if the WinAPI call failed 
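
A minimal call of this constructor, as an added example that is not part of the JWSCL documentation: it derives a restricted token from the current thread or process token, with all privileges disabled and the Administrators group disabled. The unit names, `JwInitWellKnownSIDs`, `JwAdministratorsSID` and `TJwSecurityIdList.Create(False)` are assumptions about the JWSCL/JEDI API that this page does not show.

```pascal
program RestrictedTokenDemo;
{$APPTYPE CONSOLE}

uses
  SysUtils,
  JwaWindows,     // assumed unit: MAXIMUM_ALLOWED
  JwsclToken,     // assumed unit: TJwSecurityToken
  JwsclSid,       // assumed unit: TJwSecurityIdList
  JwsclKnownSid;  // assumed unit: JwInitWellKnownSIDs, JwAdministratorsSID

const
  // Flag value taken from the flag list in the documentation above.
  DISABLE_MAX_PRIVILEGE = $1;

// Returns a restricted copy of the caller's token. The caller frees it.
function CreateLowPrivilegeToken: TJwSecurityToken;
var
  SidsToDisable: TJwSecurityIdList;
begin
  // Assumption: Create(False) means the list does not own its entries,
  // which is needed because JwAdministratorsSID is a library-global object.
  SidsToDisable := TJwSecurityIdList.Create(False);
  try
    SidsToDisable.Add(JwAdministratorsSID);
    Result := TJwSecurityToken.CreateRestrictedToken(
      0,                      // 0: use the thread token, else the process token
      MAXIMUM_ALLOWED,        // access mask for the template token
      DISABLE_MAX_PRIVILEGE,  // disable all privileges in the new token
      SidsToDisable,          // group SIDs to disable in the new token
      nil,                    // ignored because DISABLE_MAX_PRIVILEGE is set
      nil);                   // no restricting SIDs in this example
  finally
    SidsToDisable.Free;
  end;
end;

var
  Token: TJwSecurityToken;
begin
  JwInitWellKnownSIDs;  // assumed initializer for the known-SID globals
  try
    Token := CreateLowPrivilegeToken;
    try
      Writeln('Restricted token created.');
    finally
      Token.Free;
    end;
  except
    // The page only says an exception is raised when the WinAPI call fails.
    on E: Exception do
      Writeln('CreateRestrictedToken failed: ', E.ClassName, ': ', E.Message);
  end;
end.
```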
Copyright (c) 2010. All rights reserved.