AuthzInitializeResourceManagerEx function (authz.h)
The AuthzInitializeResourceManagerEx function initializes an Authz resource manager and returns a handle to it. Use this function rather than AuthzInitializeResourceManager when you want the resource manager to manage Central Access Policies (CAPs).
AUTHZAPI BOOL AuthzInitializeResourceManagerEx(
[in, optional] DWORD Flags,
[in, optional] PAUTHZ_INIT_INFO pAuthzInitInfo,
[out] PAUTHZ_RESOURCE_MANAGER_HANDLE phAuthzResourceManager
);
[in, optional] Flags
A DWORD value that defines how the resource manager is initialized. This parameter can be one or more of the following values.
[in, optional] pAuthzInitInfo
A pointer to a AUTHZ_INIT_INFO structure that contains the authorization resource manager initialization information.
[out] phAuthzResourceManager
A pointer to the returned resource manager handle. When you have finished using the handle, free it by using the AuthzFreeResourceManager function.
If the function succeeds, the function returns a value of TRUE.
If the function fails, it returns a value of FALSE. To get extended error information, call GetLastError.
If the AUTHZ_RM_FLAG_NO_CENTRAL_ACCESS_POLICIES flag is specified, then AuthzAccessCheck and AuthzCachedAccessCheck ignore CAPID (Central Access Policie ID) access control entriesSYSTEM_SCOPED_POLICY_ID_ACE and will not evaluate CAPs.
If the AUTHZ_RM_FLAG_NO_CENTRAL_ACCESS_POLICIES flag is not specified and pfnGetCentralAccessPolicy is NULL, then AuthzAccessCheck and AuthzCachedAccessCheck will get CAPs from LSA. For more information, see LsaGetAppliedCAPIDs.
If the AUTHZ_RM_FLAG_NO_CENTRAL_ACCESS_POLICIES flag is not specified and a central access policy callback is provided by the resource manager, then AuthzAccessCheck and AuthzCachedAccessCheck will get CAPs from the resource manager by invoking the callback.
The LSA and the central access policy callback can indicate that CAPs are not supported, in which case AuthzAccessCheck and AuthzCachedAccessCheck ignore CAPID ACEs and will not evaluate CAPs.
The LSA and the central access policy callback may fail to return a CAP that corresponds to a particular CAPID, in which case AuthzAccessCheck and AuthzCachedAccessCheck use the same default CAP as the kernel AccessCheck.
Requirement | Value |
---|---|
Minimum supported client | Windows 8 [desktop apps only] |
Minimum supported server | Windows Server 2012 [desktop apps only] |
Target Platform | Windows |
Header | authz.h |
Library | Authz.lib |
DLL | Authz.dll |