Checking a Control Access Right in an Object's ACL

To check a control access right on an object's ACL, use the AccessCheckByTypeResultList function. To use this function, an application requires a pointer to the SECURITY_DESCRIPTOR for the object instead of an IADsSecurityDescriptor interface to an ADSI security descriptor COM object.

Use the following steps to check access for a control access right on an object:

  1. Get an IDirectoryObject interface pointer to the object.
  2. Use the IDirectoryObject::GetObjectAttributes method to get the security descriptor of the object. The name of the property containing the security descriptor is nTSecurityDescriptor. The property is returned as a pointer to a SECURITY_DESCRIPTOR structure.
  3. Use the SECURITY_DESCRIPTOR structure with the AccessCheckByTypeResultList function to check the permissions for the specified control access right for the specified client.

The example code in Example Code for Checking a Control Access Right in an Object's ACL shows, in detail, how to do this.
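As an added illustration (not the sample code referenced above, and not Microsoft's code), the following portable C++ walks the self-relative security descriptor bytes that step 2 yields and tallies the DACL entries that allow or deny a given control access right, which is useful when auditing what step 3 will evaluate. It does not replace AccessCheckByTypeResultList, which also resolves the client's group membership and ACE ordering. The names tally_control_access and constructed_sample, the sample descriptor, and the GUID values used with it are constructed for this example.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

constexpr uint32_t kControlAccess = 0x100;    // ADS_RIGHT_DS_CONTROL_ACCESS
constexpr uint32_t kObjectTypePresent = 0x1;  // ACE_OBJECT_TYPE_PRESENT
struct AceTally { int allow = 0; int deny = 0; bool malformed = false; };
static uint32_t rd(const std::vector<uint8_t>& b, size_t off, size_t n) {
    uint32_t v = 0;  // little-endian read; the caller has checked bounds
    for (size_t i = 0; i < n; ++i) v |= uint32_t(b[off + i]) << (8 * i);
    return v;
}
// Tallies DACL ACEs that cover `right` (16-byte GUID in wire order). The blob
// comes from the directory, so every offset and size is bounds-checked.
AceTally tally_control_access(const std::vector<uint8_t>& sd, const uint8_t right[16]) {
    AceTally t, bad; bad.malformed = true;
    if (sd.size() < 20) return bad;                // 20-byte relative header
    size_t dacl = rd(sd, 16, 4);                   // OffsetDacl
    if (dacl == 0) return t;                       // no DACL present
    if (dacl + 8 > sd.size()) return bad;          // 8-byte ACL header
    size_t end = dacl + rd(sd, dacl + 2, 2), pos = dacl + 8;  // AclSize
    if (end > sd.size()) return bad;
    for (size_t n = rd(sd, dacl + 4, 2); n > 0; --n) {        // AceCount
        if (pos + 4 > end) return bad;
        uint8_t type = sd[pos];                    // 0/1 plain, 5/6 object ACE
        size_t size = rd(sd, pos + 2, 2);
        bool object = type == 5 || type == 6;
        if (size < (object ? 12u : 8u) || pos + size > end) return bad;
        bool covers = true;    // no ObjectType: every control access right
        if (object && (rd(sd, pos + 8, 4) & kObjectTypePresent))
            covers = size >= 28 && std::memcmp(&sd[pos + 12], right, 16) == 0;
        if ((type <= 1 || object) && covers && (rd(sd, pos + 4, 4) & kControlAccess))
            (type == 0 || type == 5 ? t.allow : t.deny)++;
        pos += size;
    }
    return t;
}

// Constructed sample: allow object ACE for `right`, deny object ACE for GUID EE..EE.
std::vector<uint8_t> constructed_sample(const uint8_t right[16]) {
    std::vector<uint8_t> sd = {1,0,4,0x80, 0,0,0,0, 0,0,0,0, 0,0,0,0, 20,0,0,0, 4,0,88,0, 2,0,0,0};
    const uint8_t sid[12] = {1,1, 0,0,0,0,0,5, 11,0,0,0};              // S-1-5-11
    for (int i = 0; i < 2; ++i) {
        const uint8_t head[12] = {uint8_t(i ? 6 : 5),0,40,0, 0,1,0,0, 1,0,0,0};
        sd.insert(sd.end(), head, head + 12);      // type, size 40, mask 0x100, flags
        for (int j = 0; j < 16; ++j) sd.push_back(i ? 0xEE : right[j]);
        sd.insert(sd.end(), sid, sid + 12);
    }
    return sd;
}
```

A non-zero deny tally or a malformed result is a reason to inspect the descriptor before relying on the access check outcome.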