Authorization rules

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Authorization rules

Authorization rules are scripts, written in VBScript or JScript, that you can include in role definitions and task definitions. An authorization rule determines whether the role or task is allowed. For information about role definitions and task definitions, see Roles, tasks, and operations.

By using authorization rules, you can base authorization decisions on any conditions that a script can test. These include privileges and permissions, as well as time of day, billable expense limits, account balances, and other criteria.

With Authorization Manager, you can use authorization rules, but it is not designed for writing or debugging authorization rules. You can write your scripts in a text editor (for example, Notepad), in an integrated development environment like Visual Studio .NET, or in another application of your choice.

Authorization rules are usually written by developers. For more information about authorization-related application programming interfaces (APIs), see Authorization at the Microsoft Web site.

VBScript example

The following is a VBScript authorization rule that always grants permission:

AzBizRuleContext.BusinessRuleResult = True

For more information about VBScript, see VBScript at the Microsoft Web site.

JScript example

The following is a JScript authorization rule that always grants permission:

AzBizRuleContext.BusinessRuleResult = true;

For more information about JScript, see JScript at the Microsoft Web site.