IADsAccessControlList::AddAce 方法 (iads.h)
IADsAccessControlList::AddAce方法會將IADsAccessControlEntry物件新增至IADsAccessControlList物件。
語法
HRESULT AddAce(
[in] IDispatch *pAccessControlEntry
);
參數
[in] pAccessControlEntry
要加入之 IADsAccessControlEntry物件的IDispatch介面指標。 此參數不可為 Null。
傳回值
傳回標準 HRESULT 值,包括下列專案。
備註
存取控制專案必須以下列順序出現在安全性描述項的存取控制清單中:
- 套用至物件本身的拒絕存取 ACE
- 套用至物件子系的拒絕存取 ACE,例如屬性集或屬性
- 套用至物件本身的存取允許 ACE
- 套用至物件子系的存取允許 ACE,例如屬性集或屬性
- 所有繼承的 ACE
範例
下列 Visual Basic 程式碼範例示範如何使用 IADsAccessControlList::AddAce 方法,將兩個 ACE 新增至 ACL。
Const ACL_REVISION_DS = &H4
Dim x as IADs
Dim sd as IADsSecurityDescriptor
Dim Ace1 As new IADsAccessControlEntry
Dim Ace2 As new IADsAccessControlEntry
Dim Dacl As new IADsAccessControlList
On Error GoTo Cleanup
Set x = GetObject("LDAP://OU=Sales,DC=Fabrikam,DC=com")
Set sd = x.Get("ntSecurityDescriptor")
' Add the ACEs to the Discretionary ACL.
Dacl.AclRevision = ACL_REVISION_DS 'DS ACL Revision
' Set up the first ACE.
Ace1.AccessMask = -1 'Full Permission (Allowed)
Ace1.AceType = ADS_ACETYPE_ACCESS_ALLOWED
Ace1.AceFlags = ADS_ACEFLAG_INHERIT_ACE
Ace1.Trustee = "myMachine\Administrator"
' Set up the 2nd ACE.
Ace2.AccessMask = -1 'Full Permission (Denied)
Ace2.AceType = ADS_ACETYPE_ACCESS_DENIED
Ace2.AceFlags = ADS_ACEFLAG_INHERIT_ACE
Ace2.Trustee = "aDomain\aUser"
' Add the ACEs to the Discretionary ACL.
Dacl.AddAce Ace1
Dacl.AddAce Ace2
'Commit the changes.
sd.DiscretionaryAcl = Dacl
x.Put "ntSecurityDescriptor", Array(sd)
x.SetInfo
Cleanup:
If (Err.Number<>0) Then
MsgBox("An error has occurred. " & Err.Number)
End If
Set Ace1 = Nothing
Set Ace2 = Nothing
Set Dacl = Nothing
Set x = Nothing
Set sd = Nothing
下列 C++ 程式碼範例會使用 IADsAccessControlList::AddAce 方法,將 ACE 新增至 ACL。 新增的 ACE 具有完整許可權的允許存取權限。
HRESULT addAceTo(IADsAccessControlList *pAcl)
{
if(!pAcl)
{
return E_FAIL;
}
HRESULT hr = pAcl->put_AclRevision(ACL_REVISION_DS);
if(FAILED(hr))
{
return hr;
}
IADsAccessControlEntry *pAce = NULL;
pAce = createAce(-1, // Full permissions.
ADS_ACETYPE_ACCESS_ALLOWED,
ADS_ACEFLAG_INHERIT_ACE,
CComBSTR("aDomain\\aUser"));
if(!pAce)
{
return E_FAIL;
}
IDispatch *pDisp;
hr = pAce->QueryInterface(IID_IDispatch,(void**)&pDisp);
if(FAILED(hr))
{
pAce->Release();
return hr;
}
hr = pAcl->AddAce(pDisp);
pDisp->Release();
if(pAce) pAce->Release();
if(FAILED(hr))
{
return hr;
}
printf("Ace has been added to ACL.\n");
return hr;
}
////////////////////////////////////
// function to create an allowed ACE
////////////////////////////////////
IADsAccessControlEntry *createAce(
long mask,
long type,
long flag,
BSTR trustee)
{
HRESULT hr;
IADsAccessControlEntry *pAce;
hr = CoCreateInstance(CLSID_AccessControlEntry,
NULL,
CLSCTX_INPROC_SERVER,
IID_IADsAccessControlEntry,
(void**)&pAce);
if(FAILED(hr))
{
if(pAce)
{
pAce->Release();
}
return NULL;
}
hr = pAce->put_AccessMask(mask);
hr = pAce->put_AceType(type);
hr = pAce->put_AceFlags(flag);
hr = pAce->put_Trustee(trustee);
return pAce;
}
需求
| 最低支援的用戶端 | Windows Vista |
| 最低支援的伺服器 | Windows Server 2008 |
| 目標平台 | Windows |
| 標頭 | iads.h |
| Dll | Activeds.dll |
另請參閱
意見反應
即將登場:在 2024 年,我們將逐步淘汰 GitHub 問題作為內容的意見反應機制,並將它取代為新的意見反應系統。 如需詳細資訊,請參閱:https://aka.ms/ContentUserFeedback。
提交並檢視相關的意見反應