Checking Role Membership

You can call the ISecurityCallContext::IsCallerInRole method to determine whether an object's direct caller is a member of a particular role. This functionality is useful when you want to ensure that a certain block of code is not executed unless the caller is a member of a particular role.

For example, you could use IsCallerInRole to ensure that transactions over a specified amount, such as $1000, are performed only by members of a Managers role. If the caller is not a Manager and the transaction is over $1000, the transaction is not performed and an error message is displayed.

The preferred way to access IsCallerInRole is through the security call context object because you can use the same reference to the security call context object to obtain security properties. However, you can also access the IsCallerInRole method from the ObjectContext object. (See ObjectContext or IObjectContext for more information.)

If you are developing components for a Microsoft Visual Basic application, you call the GetSecurityCallContext function and then use the security call context to call IsCallerInRole, as shown in the following example:

If (GetSecurityCallContext.IsCallerInRole("Manager")) Then
   ' Go ahead and perform the transaction.
Else
   ' Display an error message.
End If
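
The $1000 scenario described above, written out as a Visual Basic method (an added example, not part of the original documentation). The names ApproveTransfer and APPROVAL_LIMIT and the error numbers are hypothetical; the IsSecurityEnabled check is included because IsCallerInRole returns True when role-based security is not enabled.

```vb
' Added example: requires a reference to the COM+ Services Type Library.
' ApproveTransfer, APPROVAL_LIMIT and the error numbers are hypothetical.
Private Const APPROVAL_LIMIT As Currency = 1000

Public Sub ApproveTransfer(ByVal Amount As Currency)
    Dim secCtx As SecurityCallContext
    Set secCtx = GetSecurityCallContext()

    ' Defensive check: treat a missing security call context as a denial
    ' rather than skipping the role check.
    If secCtx Is Nothing Then
        Err.Raise vbObjectError + 1, "ApproveTransfer", _
                  "No security call context is available."
    End If

    If Amount > APPROVAL_LIMIT Then
        ' IsCallerInRole returns True when role-based security is disabled,
        ' so confirm that security is enabled before trusting the answer.
        If Not secCtx.IsSecurityEnabled() Then
            Err.Raise vbObjectError + 2, "ApproveTransfer", _
                      "Role-based security is not enabled."
        End If

        ' Only the direct caller's role membership is evaluated here.
        If Not secCtx.IsCallerInRole("Manager") Then
            Err.Raise vbObjectError + 3, "ApproveTransfer", _
                      "Transactions over the limit require the Manager role."
        End If
    End If

    ' Go ahead and perform the transaction.
End Sub
```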

If you are developing a C or C++ application, use CoGetCallContext to retrieve a pointer to the ISecurityCallContext interface. Then you call ISecurityCallContext::IsCallerInRole, as shown in the following example:

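#include <comsvcs.h>  // Declares ISecurityCallContext.

ISecurityCallContext* pSecCtx = NULL;
VARIANT_BOOL bIsInRole = VARIANT_FALSE;

HRESULT hr = CoGetCallContext(IID_ISecurityCallContext, (void**)&pSecCtx);
if (FAILED(hr)) throw(hr);
if (NULL == pSecCtx) { 
    // No security call context is available.
    // Display an error message and return.
    return E_FAIL;
}
// myRole is a BSTR that holds the name of the role to check.
hr = pSecCtx->IsCallerInRole(myRole, &bIsInRole);
// Release the reference obtained from CoGetCallContext.
pSecCtx->Release();
// If the call succeeded, bIsInRole is VARIANT_TRUE when the caller is in the role.
return hr;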

Accessing Security Call Context Information

Determining Whether Role-Based Security Is Enabled

Programmatic Component Security