sec_acl_test_access - Determine whether the calling client has permission to access a protected object.
#include <dce/daclif.h>
boolean32 sec_acl_test_access(
sec_acl_handle_t prot_obj_handle,
uuid_t *manager_type,
sec_acl_permset_t access_rights,
error_status_t *status);
Input
- prot_obj_handle
Handle to a protected object.
- manager_type
An ACL manager type UUID of the protected object.
- access_rights
Set of access rights to the protected object.
Output
- status
Completion status. On successful completion, error_status_ok is returned. Otherwise, an error (!= error_status_ok) is returned.
The boolean32 return value of this routine is valid if and only if the returned status value is error_status_ok.
This routine returns non-0 ("true") if the calling client is granted the specified access rights to the protected object by the specified ACL manager; it returns 0 ("false") otherwise.
The sec_acl_test_access() routine determines whether or not the calling client is granted or denied the specified access rights to the specified protected object by the specified ACL manager.
As an example usage, a client could invoke this routine to determine the minimal access rights it needs to accomplish a proposed task, then use that information to acquire (from the DCE PS) a minimal set of credentials authorising it to actually perform the task (this implements a security policy known as "least privilege").
Implementations layer this routine over the rdacl RPC interface operation rdacl_test_access().
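The following is an added example, not code from the specification: a caller-side wrapper that fails closed because the return value is valid only when status is error_status_ok, plus a per-bit probe for the least-privilege usage described above. The typedefs, the value of sec_acl_unknown_manager_type, the mock sec_acl_test_access() body, the sample manager types, and the names access_granted() and granted_subset() are assumptions made so that it builds without <dce/daclif.h>.

```c
/* Stand-ins for <dce/daclif.h> so the example builds offline: assumed
   shapes and a constructed error value, not DCE's own definitions. */
#include <stdio.h>
typedef unsigned int boolean32, error_status_t, sec_acl_permset_t;
typedef void *sec_acl_handle_t;
typedef struct { unsigned char b[16]; } uuid_t;
#define error_status_ok 0u
#define sec_acl_unknown_manager_type 1u

/* Constructed sample manager types: the mock knows only the first. */
uuid_t known_mgr = {{0xAA}}, unknown_mgr = {{0x01}};

/* Constructed mock of the routine: the known manager grants bits 0x3; any
   other manager sets an error status and returns a meaningless "true". */
boolean32 sec_acl_test_access(sec_acl_handle_t h, uuid_t *mgr,
                              sec_acl_permset_t rights, error_status_t *st)
{
    (void)h;
    if (mgr->b[0] != 0xAA) { *st = sec_acl_unknown_manager_type; return 1; }
    *st = error_status_ok;
    return (rights & ~0x3u) == 0;
}

/* Hypothetical wrapper: fail closed, since the return value is valid only
   when status is error_status_ok. */
int access_granted(sec_acl_handle_t h, uuid_t *mgr, sec_acl_permset_t rights)
{
    error_status_t st = sec_acl_unknown_manager_type; /* pessimistic default */
    boolean32 ok = sec_acl_test_access(h, mgr, rights, &st);
    return st == error_status_ok && ok != 0;
}

/* Hypothetical helper: probe each wanted bit on its own and return the
   subset actually granted; errors contribute no bits. */
sec_acl_permset_t granted_subset(sec_acl_handle_t h, uuid_t *mgr,
                                 sec_acl_permset_t wanted)
{
    sec_acl_permset_t got = 0, bit;
    for (bit = 1; bit != 0; bit <<= 1)
        if ((wanted & bit) && access_granted(h, mgr, bit))
            got |= bit;
    return got;
}

int main(void)
{
    printf("known 0x7 -> 0x%x\n", granted_subset(NULL, &known_mgr, 0x7u));
    printf("unknown 0x1 -> %d\n", access_granted(NULL, &unknown_mgr, 0x1u));
    return 0;
}
```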
error_status_ok, sec_acl_unknown_manager_type.
Functions: sec_acl_bind(), sec_acl_bind_to_addr(), sec_acl_get_manager_types(), sec_acl_get_manager_types_semantics(), sec_acl_get_access(), sec_acl_test_access_on_behalf().
Protocols: rdacl_test_access().