Beispielcode zum Festlegen von Berechtigungen für Vorgänge untergeordneter Objekte

Im folgenden C- und C++-Codebeispiel wird ein ACE erstellt, der dem angegebenen Vertrauensnehmer Erstellungsrechte für Benutzerobjekte zuweist.

/***************************************************************************

    CreateAceCreateUsers()

    Create an ACE that assigns the right to create User objects under the 
    current object. For this function, the ACE is inherited by all subobjects 
    and is an effective right on the current object.    

***************************************************************************/

HRESULT CreateAceCreateUsers(LPWSTR pwszTrustee, BOOL fAllowed, IDispatch **ppDispACE)
{
    if(!pwszTrustee || !ppDispACE)
    {
        return E_INVALIDARG;
    }
    
    HRESULT hr;
    CComPtr<IADsAccessControlEntry> spACE;

    // Create the COM object for the new ACE.
    hr = spACE.CoCreateInstance(CLSID_AccessControlEntry);
    if(FAILED(hr))
    {
        return hr;
    }

    // Set the properties of the new ACE.

    /*
    Set the access mask that contains the rights to assign. This function 
    assigns rights to create objects.
    */
    hr = spACE->put_AccessMask(ADS_RIGHT_DS_CREATE_CHILD);
    if(FAILED(hr))
    {
        return hr;
    }
    
    // Set the trustee.
    hr = spACE->put_Trustee(CComBSTR(pwszTrustee));
    if(FAILED(hr))
    {
        return hr;
    }
    
    /*
    The AceType property must be ADS_ACETYPE_ACCESS_ALLOWED_OBJECT or 
    ADS_ACETYPE_ACCESS_DENIED_OBJECT.
    */
    if(fAllowed)
    {
        hr = spACE->put_AceType(ADS_ACETYPE_ACCESS_ALLOWED_OBJECT);
    }
    else
    {
        hr = spACE->put_AceType(ADS_ACETYPE_ACCESS_DENIED_OBJECT);
    }
    if(FAILED(hr))
    {
        return hr;
    }

    /*
    Set Flags to ADS_FLAG_OBJECT_TYPE_PRESENT so that the right applies to 
    the creation of a specific object class within the current object and 
    all its subobjects.
    */
    hr = spACE->put_Flags(ADS_FLAG_OBJECT_TYPE_PRESENT);
    if(FAILED(hr))
    {
        return hr;
    }

    // Set ObjectType to the schemaIDGUID of the user class so that the right
    // controls creation of user objects. 
    hr = spACE->put_ObjectType(CComBSTR("BF967ABA-0DE6-11D0-A285-00AA003049E2"));
    if(FAILED(hr))
    {
        return hr;
    }

    // For this function, set AceFlags so that ACE is inherited by child objects 
    hr = spACE->put_AceFlags(ADS_ACEFLAG_INHERIT_ACE);
    if(FAILED(hr))
    {
        return hr;
    }

    // Set InheritedObjectType to NULL so that it is inherited by all subobjects.
    hr = spACE->put_InheritedObjectType(NULL);
    if(FAILED(hr))
    {
        return hr;
    }

    // QueryInterface for the IDispatch pointer to pass to the AddAce method.
    hr = spACE->QueryInterface(IID_IDispatch, (void**)ppDispACE);
    if(FAILED(hr))
    {
        return hr;
    }
     
    return hr;
}