Access Check and Audit Generation
When a subject attempts to access an object, the object manager calls the function AccessCheckAndAuditAlarm to determine if access is allowed, denied, or audited. The function approaches the job in two phases. First, it determines whether the subject is allowed or denied access. Then it determines whether it needs to generate an auditing entry in the security log.