共用方式為


ADS_SECURITY_INFO_ENUM列舉 (iads.h)

ADS_SECURITY_INFO_ENUM列舉會指定檢查物件安全性數據的可用選項。

Syntax

typedef enum __MIDL___MIDL_itf_ads_0001_0077_0002 {
  ADS_SECURITY_INFO_OWNER = 0x1,
  ADS_SECURITY_INFO_GROUP = 0x2,
  ADS_SECURITY_INFO_DACL = 0x4,
  ADS_SECURITY_INFO_SACL = 0x8
} ADS_SECURITY_INFO_ENUM;

常數

 
ADS_SECURITY_INFO_OWNER
值: 0x1
讀取或設定擁有者數據。
ADS_SECURITY_INFO_GROUP
值: 0x2
讀取或設定群組數據。
ADS_SECURITY_INFO_DACL
值: 0x4
讀取或設定任意訪問控制清單數據。
ADS_SECURITY_INFO_SACL
值: 0x8
讀取或設定系統訪問控制清單數據。

備註

這個列舉中定義的選項是位掩碼。 您可以使用適當的位作業來設定多個選項。

若要讀取對象的安全性數據,請使用 IADsObjectOptions 介面,並提供此列舉中列出的安全性數據選項。

下列清單列出常見的旗標組合及其使用方式。

旗標組合 Description
ADS_SECURITY_INFO_OWNERADS_SECURITY_INFO_GROUPADS_SECURITY_INFO_DACL 讓使用者讀取物件擁有者、群組或 DACL 的安全性數據。 這是建立物件時的預設設定。
ADS_SECURITY_INFO_OWNERADS_SECURITY_INFO_GROUPADS_SECURITY_INFO_DACLADS_SECURITY_INFO_SACL 讓使用者讀取 SACL。 無法單獨使用 ADS_SECURITY_INFO_SACL 旗標。
 

目前,這類選項僅適用於Active Directory。

因為 Visual Basic Scripting Edition (VBScript) 無法從類型庫讀取數據,所以應用程式必須使用適當的數值常數,而不是符號常數來設定適當的旗標。 若要使用符號常數作為良好的程序設計做法,請撰寫這類常數的明確宣告,如這裡所完成。

範例

下列程式代碼範例會顯示 SACL 中的存取控制項目數目。

Const ADS_SECURITY_INFO_OWNER = &H1
Const ADS_SECURITY_INFO_GROUP = &H2
Const ADS_SECURITY_INFO_DACL = &H4
Const ADS_SECURITY_INFO_SACL = &H8

Const ADS_OPTION_SECURITY_MASK = 3

Dim x As IADs
Dim dso As IADsOpenDSObject
Dim adsPath As String
Dim sd As IADsSecurityDescriptor
Dim sacl As IADsAccessControlList
Dim objOps As IADsObjectOptions
Dim opt As Variant
Dim canReadSacl As Variant
 
Set dso = GetObject("LDAP:")
adsPath = "LDAP://ArcSrv1/dc=Sales,dc=Fabrikam,dc=com"
Set x = dso.OpenDSObject(adsPath, vbNullString, vbNullString, 1)
Set objOps = x
 
canReadSacl = ADS_SECURITY_INFO_OWNER _
                Or ADS_SECURITY_INFO_GROUP _
                Or ADS_SECURITY_INFO_DACL _
                Or ADS_SECURITY_INFO_SACL
 
opt = objOps.GetOption(ADS_OPTION_SECURITY_MASK)
If opt <> canReadSacl Then
    objOps.SetOption ADS_OPTION_SECURITY_MASK, canReadSacl
End If
Set sd = x.Get("ntSecurityDescriptor")
Set sacl = sd.SystemAcl
Debug.Print "sacl(aceCount)= " & sacl.AceCount

下列程式代碼範例會顯示系統 ACL 中的存取控制項目數目。 為了簡潔起見,省略錯誤檢查。

void TestObjectOptions()
{
    long lCanReadSACL = ADS_SECURITY_INFO_OWNER | 
        ADS_SECURITY_INFO_GROUP | 
        ADS_SECURITY_INFO_DACL | 
        ADS_SECURITY_INFO_SACL;

    HRESULT hr = S_OK;
    CComPtr<IADs> spObj;
    hr = ADsOpenObject(L"LDAP://arcSrv1/dc=Sales,dc=Fabrikam,dc=com", 
        NULL, 
        NULL,
        ADS_SECURE_AUTHENTICATION,
        IID_IADs,
        (void**)&spObj);
    if(S_OK != hr)
    {
        return;
    }

    CComPtr<IADsObjectOptions> spObjOps;
    hr = spObj->QueryInterface(IID_IADsObjectOptions, (void**)&spObjOps);
    if(S_OK != hr)
    {
        return;
    }

    CComVariant svar;
    hr = spObjOps->GetOption(ADS_OPTION_SECURITY_MASK, &svar);
    if(S_OK != hr)
    {
        return;
    }

    if(V_I4(&svar) != lCanReadSACL)
    {
        svar = lCanReadSACL;
        hr = spObjOps->SetOption(ADS_OPTION_SECURITY_MASK, svar);
    }

    hr = spObj->Get(CComBSTR("ntSecurityDescriptor"), &svar);
    if(S_OK != hr)
    {
        return;
    }

    CComPtr<IADsSecurityDescriptor> spSd;
    hr = V_DISPATCH(&svar)->QueryInterface(IID_IADsSecurityDescriptor, 
                                            (void**)&spSd);
    if(S_OK != hr)
    {
        return;
    }

    CComPtr<IDispatch> spDisp;
    hr = spSd->get_SystemAcl(&spDisp);
    if(S_OK != hr)
    {
        return;
    }

    CComPtr<IADsAccessControlList> spSacl;
    hr = spDisp->QueryInterface(IID_IADsAccessControlList, 
                                (void**)&spSacl);
    if(S_OK != hr)
    {
        return;
    }

    LONG lOptions;
    hr = spSacl->get_AceCount(&lOptions);
    if(S_OK != hr)
    {
        return;
    }

    _tprintf(TEXT("Number of ACE's in the SACL is %d\n"), lOptions);
}

規格需求

需求
最低支援的用戶端 Windows Vista
最低支援的伺服器 Windows Server 2008
標頭 iads.h

另請參閱

ADSI 列舉

IADsObjectOptions

IADsObjectOptions::GetOption

IADsObjectOptions::SetOption