IBDSecurity::GetPermissions Method [C++]
Use this method to retrieve permission information (allow, deny, or undefined) associated with the specified combination of security identifier (SID), entity, element, and right.
Definition
[C++]
HRESULT IBDSecurity::GetPermissions(VARIANTvarSID,
VARIANTvarEntity,
VARIANTvarElement,
VARIANTvarRight,
_Recordset**ppRSPermissions);
[Visual Basic]
Function GetPermissions(OptionalvarSID As Variant,
OptionalvarEntity As Variant,
OptionalvarElement As Variant,
OptionalvarRight As Variant,
) As _Recordset
Parameters
- varSID[C++]
[in, optional] An optional VARIANT that contains a string specifying the security identifier (SID) of the account for which permissions are being requested. - varSID[Visual Basic]
An optional Variant that contains a string specifying the security identifier (SID) of the account for which permissions are being requested. - varEntity[C++]
[in, optional] An optional VARIANT that contains a string specifying the name of the entity for which permissions are being requested. - varEntity[Visual Basic]
An optional Variant that contains a string specifying the name of the entity for which permissions are being requested. - varElement[C++]
[in, optional] An optional VARIANT that contains a string specifying the name of the element for which permissions are being requested. - varElement[Visual Basic]
An optional Variant that contains a string specifying the name of the element for which permissions are being requested. - varRight[C++]
[in, optional] An optional VARIANT that contains a string specifying the name of the right for which permissions are being requested. - varRight[Visual Basic]
An optional Variant that contains a string specifying the name of the right for which permissions are being requested. - ppRSPermissions [C++]
[out, retval] The address of a pointer to an ADO _Recordset object used to return the requested permission information. See the Remarks section for more details.
Return Values
[C++] This method returns an HRESULT indicating whether it completed successfully. See the Error Values section for more details.
[Visual Basic] If this method completes successfully, it returns an ADO _Recordset object containing the requested permission information. See the Remarks section for more details.
Error Values
[C++] This method returns S_OK (0x00000000) to indicate success and standard COM HRESULT error values to indicate failure. For more information about standard COM errors, see Standard COM Errors. Additional information may be available using the global Err object, which can be accessed using the API function GetErrorInfo. In particular, the GetDescription method of the IErrorInfo interface may return a text description of the error.
[Visual Basic] This method sets the Number property of the global Err object to S_OK (&H00000000) to indicate success and to standard COM error values to indicate failure. For more information about standard COM errors, see Standard COM Errors. Additional information may be available using the global Err object. In particular, the Description property may contain a text description of the error.
Remarks
This method should be called from Business Desk modules using the new security mechanisms to control access to various aspects of their functionality.
The returned record set contains one record for each matching entry in the Security Definitions Tables (SDT) and includes the fields: Entity, Element, Right, and Deny.
The fields Entity, Element, and Right are strings that are module-specific, and can be defined to suite the needs of the module. For more information about entities, elements, and rights, see Security.
The field Deny contains one of three numeric values, defined in the following table.
| Value | Definition |
|---|---|
| 0 | Allow. The current user has the right to perform the operation indicated by the corresponding Element, Entity, and Right fields. |
| 1 | Deny. The current user does not have the right to perform the operation indicated by the corresponding Element, Entity, and Right fields. |
| 2 | Undefined. For example, the current user has conflicting permissions for different elements of the provided entity. |
If the optional parameter varSID is not specified, this function will look up and use the SIDs for the current user and for the groups to which the current user belongs. If no such SID is available, as is the case in some run-time environments such as Microsoft Visual Basic, an error will be returned.
If any of the other optional parameters (varEntity, varElement and/or varRight) are not provided, they are treated as wildcards. In other words, records will be included in the result regardless of their entity, element, and/or right values.
If no security settings are found in the SDT and the user is a member of the Administrators group, a single row Recordset object will be returned, indicating that the user does have permission to access the requested entity/element/right combination.
[C++] The ppRSPermissions parameter contains valid data only if the method returns successfully.
For more information about memory ownership issues related to COM property and method parameters, see Managing COM Parameter Memory.
[Visual Basic]
Example
' rsPermissions is a Variant to which an ADO _Recordset object
' will be assigned.
' g_MSCSBDSecurityis the global BD security object
' created in the page Global.asa.
' Will return a Recordset containing one record for each catalog
' category entity entry in the SDT for the current user, regardless
' of their values for elements and rights.
rsPermissions = _
g_MSCSBDSecurity.GetPermissions(, "catalog_categories")
See Also
[C++]BDSecurity Object
[Visual Basic]BDSecurity Object
Copyright © 2005 Microsoft Corporation.
All rights reserved.