Directory Services |
The following code example contains a function that creates an ACE that assigns rights that are inherited by the specified type of object but are not effective on the current object:
[C++]
// Create an ACE that is inherited by child objects of the specified type,
// but does not apply to the current object.
// This ACE is also propagated to all descendants of the current object.
HRESULT CreateAceNoEffectiveInheritObject(
LPWSTR pwszTrustee,
long lAccessRights,
long lAccessType,
LPWSTR pwszObjectGUID,
LPWSTR pwszInheritedObjectGUID,
IDispatch **ppDispACE)
{
if(IsBadWritePtr(ppDispACE, sizeof(LPVOID)))
{
return E_INVALIDARG;
}
HRESULT hr = E_FAIL;
IADsAccessControlEntry *pACE = NULL;
long lFlags = 0L;
// Create the COM object for the new ACE.
hr = CoCreateInstance( CLSID_AccessControlEntry,
NULL,
CLSCTX_INPROC_SERVER,
IID_IADsAccessControlEntry,
(void **)&pACE);
if (SUCCEEDED(hr))
{
// Set the properties of the new ACE.
// Set the access mask that contains the rights to assign.
hr = pACE->put_AccessMask(lAccessRights);
// Set the trustee.
hr = pACE->put_Trustee(pwszTrustee);
// Set the AceType.
hr = pACE->put_AceType(lAccessType);
/*
For this function, set AceFlags so that ACE is inherited by child
objects, but not effective on the current object.
*/
// Set AceFlags to ADS_ACEFLAG_INHERIT_ACE and ADS_ACEFLAG_INHERIT_ONLY_ACE.
hr = pACE->put_AceFlags(ADS_ACEFLAG_INHERIT_ACE | ADS_ACEFLAG_INHERIT_ONLY_ACE);
/*
If an szObjectGUID is specified, add ADS_FLAG_OBJECT_TYPE_PRESENT flag
to the lFlags mask and set the ObjectType.
*/
if (pwszObjectGUID)
{
lFlags |= ADS_FLAG_OBJECT_TYPE_PRESENT;
hr = pACE->put_ObjectType(pwszObjectGUID);
}
/*
If an szInheritedObjectGUID is specified, add
ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT flag to the lFlags mask and set
the InheritedObjectType.
*/
if (pwszInheritedObjectGUID)
{
lFlags |= ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT;
hr = pACE->put_InheritedObjectType(pwszInheritedObjectGUID);
}
// Set flags if ObjectType or InheritedObjectType were set.
if (lFlags)
{
hr = pACE->put_Flags(lFlags);
}
// QI for IDispatch pointer to pass to the AddAce method.
hr = pACE->QueryInterface(IID_IDispatch, (void**)ppDispACE);
}
return hr;
}