Assigning a Role

Private Sub AssignRole()
On Error GoTo errHandler

'Gets the role container and then obtains the role to be assigned

Dim objRoleContainer As IRoleContainer

Set objRoleContainer = g_objNameSpace.GetRoleContainer

'Gets the "UserCreationManager" role from the role container

Dim objRoleToAssign As Role

Set objRoleToAssign = objRoleContainer.GetRolesOnNames("UserCreationManager")

'IRoleBasedSD: Interface RoleBased Security Descriptor

'Interface for making any Active directory related operations

'using role objects. OR Role assignement/unassignement operations using AD Objects

Dim objRoleBasedSD As IRoleBasedSD

Set objRoleBasedSD = g_objNameSpace.GetRoleBasedSD("LDAP://,OU=TestHierarchy,DC=drc,DC=DR,DC=com")

'RoleBasedACL: RoleBased Access Control List of the AD object

'Has to be obtained from the objRoleBasedSD of the object

Dim objRoleBasedACL As RoleBasedACL

Set objRoleBasedACL = objRoleBasedSD.RoleBasedACL

'RoleBasedACL contains a list of RoleBasedACE

'RoleBasedACE: RoleBased Access Control Entry

'Creates a new RoleBasedACE

 Dim objRoleBasedACE As RoleBasedACE

 Set objRoleBasedACE = New RoleBasedACE 

'Sets RoleBasedACE properties, i.e. The Role to be assigned/unassigned,

'in this case to be assigned

objRoleBasedACE.Role = objRoleToAssign 

'RoleBasedACE has a property called Trustee, which specifies which trustee is the role to be given to

'The Object ofcource will be specified by the objRoleBasedSD of the object

'So set the trustee path

Dim objTrustee As Trustee

Set objTrustee = New Trustee

objTrustee.Path ="LDAP://,CN=Users,DC=drc,DC=DR,DC=com" 'or "LDAP://,CN=Users,DC=drc,DC=DR,DC=com"

'Sets RoleBasedACE properties, i.e. The Trustee object

objRoleBasedACE.Trustee = objTrustee

objRoleBasedACE.InheritanceOrAuditFlags = inheritanceFlag.kInheritanceFlagSubtree

'Now Add the RoleBasedACE to the RoleBasedACL of the Role.

objRoleBasedACL.AddACE objRoleBasedACE

'Sets the RoleBasedACL of the RoleBasedSD

objRoleBasedSD.RoleBasedACL = objRoleBasedACL

'Save/Stamp/Persist the data to the disk. Errors in case, if any

'like trustee not found, Access denied etc will come here


Exit Sub


MsgBox "Error Assigning the UserCreationManager Role" & " Error no: " & Err.Number & " ErrorDescription: " & Err.Description

End Sub


See Also