Previous section.

DCE 1.1: Authentication and Security Services
Copyright © 1997 The Open Group

NAME

sec_acl_test_access-Determine whether calling client has permission to access a protected object.

SYNOPSIS

#include <dce/daclif.h>

boolean32 sec_acl_test_access(
    sec_acl_handle_t prot_obj_handle,
    uuid_t *manager_type,
    sec_acl_permset_t access_rights,
    error_status_t *status);

PARAMETERS

Input

prot_obj_handle

Handle to a protected object.

manager_type

An ACL manager type UUID of the protected object.

access_rights

Set of access rights to the protected object.

Output

status

Completion status. On successful completion, error_status_ok is returned. Otherwise, an error (!= error_status_ok) is returned.

RETURN VALUES

The boolean32 return value of this routine is valid if and only if the returned status value is error_status_ok.

This routine returns non-0 ("true") if the calling client is granted the specified access rights to the protected object by the specified ACL manager; it returns 0 ("false") otherwise.

DESCRIPTION

The sec_acl_test_access() routine determines whether or not the calling client is granted or denied the specified access rights to the specified protected object by the specified ACL manager.

NOTES

As an example usage, a client could invoke this routine to determine the minimal access rights it needs to accomplish a proposed task, then use that information to acquire (from the DCE PS) a minimal set of credentials authorising it to actually perform the task (this implements a security policy known as "least privilege").

Implementations layer this routine over the rdacl RPC interface operation rdacl_test_access().

ERRORS

error_status_ok, sec_acl_unknown_manager_type.

SEE ALSO

Functions: sec_acl_bind(), sec_acl_bind_to_addr(), sec_acl_get_manager_types(), sec_acl_get_manager_types_semantics(), sec_acl_get_access(), sec_acl_test_access_on_behalf().

Protocols: rdacl_test_access().

Please note that the html version of this specification may contain formatting aberrations. The definitive version is available as an electronic publication on CD-ROM from The Open Group.

Contents Next section Index