Determines if the given trustee has access rights to the object/property.
HRESULT IsAccessAllowed(
PTRUSTEEW pTrustee, //Pointer to the trustee
LPWSTR lpProperty, //Name of the property
ACCESS_RIGHTS AccessRights, //Access rights on the object
BOOL * pfAccessAllowed //Pointer to access permission
);
In the system-supplied implementation of IAccessControl (CLSID_DCOMAccessControl), IsAccessAllowed can be called only during a distributed COM call, and the only valid trustee name is the name of the client.
This method uses the ACCESS_RIGHTS data structure, which is defined as follows:
typedef ULONG ACCESS_RIGHTS
Bit 28 in an access permission can have the following values:
#define ACTRL_ACCESS_ALLOWED 0x00000000
//Denotes that this is an access-allowed entry
#define ACTRL_ACCESS_DENIED 0x10000000
//Denotes that this is an access-denied entry
The following table lists the object-specific access permissions:
| Access Permission | Object-type | Description |
|---|---|---|
| ACTRL_DS_OPEN | Ds | Open of a DS object |
| ACTRL_DS_CREATE_CHILD | Ds | Creation of a child object |
| ACTRL_DS_DELETE_CHILD | Ds | Deletion of a child object |
| ACTRL_DS_LIST | Ds | Enumerate an object |
| ACTRL_DS_SELF | Ds | Member list updates involving the trustee |
| ACTRL_DS_READ_PROP | Ds | Read properties |
| ACTRL_DS_WRITE_PROP | Ds | Write properties |
| ACTRL_FILE-READ | File | Read from a file |
| ACTRL_FILE_WRITE | File | Write to a file |
| ACTRL_FILE_APPEND | File | Append to a file |
| ACTRL_FILE_READ_PROP | File | Read file properties / Extended attributes |
| ACTRL_FILE_WRITE_PROP | File | Write file properties / Extended attributes |
| ACTRL_FILE_EXECUTE | File | Execute the file |
| ACTRL_FILE_READ_ATTRIB | File | Read the file attributes |
| ACTRL_FILE_WRITE_ATTRIB | File | Write the file attributes |
| ACTRL_DIR_LIST | Directory | List the contents of a directory |
| ACTRL_DIR_CREATE_OBJECT | Directory | Create a child object (file) in a directory |
| ACTRL_DIR_CREATE_CHILD | Directory | Create a subdirectory |
| ACTRL_DIR_DELETE_CHILD | Directory | Delete a subdirectory |
| ACTRL_DIR_TRAVERSE | Directory | Traverse through the directory |
| ACTRL_KERNEL_KILL | Kernel | Kill a kernel item (process / thread) |
| ACTRL_KERNEL_THREAD | Kernel | Allow for the creation of a thread |
| ACTRL_KERNEL_VM | Kernel | Allow for address space operations |
| ACTRL_KERNEL_VM_READ | Kernel | Read memory |
| ACTRL_KERNEL_VM_WRITE | Kernel | Write memory |
| ACTRL_KERNEL_DUP_HANDLE | Kernel | Duplicate a handle |
| ACTRL_KERNEL_PROCESS | Kernel | Create a process |
| ACTRL_KERNEL_SET_INFO | Kernel | Get kernel object information/state |
| ACTRL_KERNEL_GET_INFO | Kernel | Set kernel object information/state |
| ACTRL_KERNEL_CONTROL | Kernel | Allow for the control of a kernel object (such as suspending a thread) |
| ACTRL_KERNEL_ALERT | Kernel | TBD |
| ACTRL_KERNEL_GET_CONTEXT | Kernel | Get the threads context |
| ACTRL_KERNEL_SET_CONTEXT | Kernel | Set the threads context |
| ACTRL_KERNEL_TOKEN | Kernel | Set the threads token |
| ACTRL_KERNEL_IMPERSONATE | Kernel | Client impersonation |
| ACTRL_KERNEL_DIMPERSONATE | Kernel | Direct client impersonation |
| ACTRL_PRINT_SADMIN | Printer | Print server administration |
| ACTRL_PRINT_SLIST | Printer | Print server enumeration |
| ACTRL_PRINT_PADMIN | Printer | Printer administration |
| ACTRL_PRINT_PUSE | Printer | Can the printer be used |
| ACTRL_PRINT_JADMIN | Printer | Print job administration |
| ACTRL_SVC_GET_INFO | Service | Get the info on a service |
| ACTRL_SVC_SET_INFO | Service | Set the info on a service |
| ACTRL_SVC_STATUS | Service | Get the status of a service |
| ACTRL_SVC_LIST | Service | Enumerate the services |
| ACTRL_SVC_START | Service | Start a service |
| ACTRL_SVC_STOP | Service | Stop a service |
| ACTRL_SVC_PAUSE | Service | Pause a service |
| ACTRL_SVC_INTERROGATE | Service | Query the service for the current status |
| ACTRL_SVC_UCONTROL | Service | User-defined control |
| ACTRL_REG_QUERY | Registry | Read a registry sub key |
| ACTRL_REG_SET | Registry | Write a registry sub key |
| ACTRL_REG_CREATE_CHILD | Registry | Create a registry sub key |
| ACTRL_REG_LIST | Registry | Enumerate a registry sub key |
| ACTRL_REG_NOTIFY | Registry | Create a registry notification |
| ACTRL_REG_LINK | Registry | Create a symbolic link |
| ACTRL_WIN_CLIPBRD | Window | Allow access to the clipboard |
| ACTRL_WIN_GLOBAL_ATOMS | Window | Allow global-atom access |
| ACTRL_WIN_CREATE | Window | Create desktop access |
| ACTRL_WIN_LIST_DESK | Window | Enumerate the desktops |
| ACTRL_WIN_LIST | Window | Enumerate the window station |
| ACTRL_WIN_READ_ATTRIBS | Window | Read the attributes |
| ACTRL_WIN_WRITE_ATTRIBS | Window | Write the attributes |
| ACTRL_WIN_SCREEN | Window | Allow access to the screen |
| ACTRL_WIN_EXIT | Window | Call ExitWindows* functions |
Windows NT: Use version 4.0 or later.
Windows: Available as a Windows 95 redistributable.
Windows CE: Unsupported.
Header: Declared in oleext.h.