IObjectSecurity Interface

Inherited from

Applies to Objects

The IObjectSecurity interface is useful in the management of Discretionary Access Control Lists (DACLs) for Windows securable objects such as NTFS files and directories, the registry, and attached printers. You can use methods of the IObjectSecurity interface to manage access to the objects, and to get access information such as the owner of an object, the primary group of the owner, and permissions allowed to the various users and groups.

Property/Method	Description
AttachFile	Initializes File object security.
AttachFileShare	Initializes the ObjectSecurity object with the specified file share's security
AttachPrinter	Initialize the ObjectSecurity object with the specified printer's security
AttachRegistryKey	Initializes the ObjectSecurity object with the specified registrykey's security
GetAccessList	Gets the access control list for an object.
GetAccessPermissions	Returns the access permissions for the user or group specified.
GetAllPermissions	Gets all possible permissions on an object.
GetEffectivePermissions	Gets the access permissions for a trustee. If the trustee is a user, it gets the effective permissions the user gets as a result of being a member of various Groups.
GrantAccessPermissions	Adds the access permissions specified for a specified trustee (i.e., user or group).
IsAccessAllowed	Checks whether a specified user or group has the specified permission on an object.
Owner	Gets or sets the owner of the object.
PrimaryGroup	Gets or sets the primary group associated with the object.
RevokeAccessPermissions	Removes the specified permissions for a trustee.
SetAccessPermissions	Sets the permissions specified for a specified trustee.
SetSecurityOnFile	Copies the security permissions of an attached file to a specified file.
SetSecurityOnRegistryKey	Copies the security permissions of an attached registry key to a specified registry key.

Remarks
Attach: To use the functionality provided by the IObjectSecurity interface, you need to first attach the securable object of Windows. This can be done using the AttachXXXX functions of IObjectSecurity.

Reuse: Once the security object is created, you can attach different securable objects to it, such as, files, directories, registry keys, and printers. At any given time, you can have only one securable object attached to an ObjectSecurity object.

Example

'To initialize the ObjectSecurity object
Dim objectSec As IObjectSecurity
Set objectSec = CreateObject("DirectScript.ObjectSecurity")
'If D:\ is a NTFS volume
objectSec.AttachFile("d:\myfiles\foo.doc")
'Get/set security properties of this file
'Attach another file. Connection to the earlier file is lost
objectSec.AttachFile("\\MOON\d$\myfiles\AnotherFoo.doc")