Setting Permissions on a Group of Properties
Permissions can be applied to a group of properties. A property set is identified by the GUID in the rightsGUID attribute of a controlAccessRight object. This GUID is set in the attributeSecurityGUID attribute of the attributeSchema object of each attribute in the group.
The following procedure shows how to set permissions that apply to a group of object properties.
To set permissions that apply to a group of object properties
- Set the IADsAccessControlEntry.AccessMask property to ADS_RIGHT_DS_READ_PROP, ADS_RIGHT_DS_WRITE_PROP or both values combined.
- Set the IADsAccessControlEntry.AceType property to either ADS_ACETYPE_ACCESS_ALLOWED_OBJECT or ADS_ACETYPE_ACCESS_DENIED_OBJECT.
- Set the IADsAccessControlEntry.ObjectType property to the GUID of the property set. This is the rightsGUID property of the controlAccessRight object that identifies the property set. This GUID is also set as the attributeSecurityGUID in the attributeSchema object of each property in the group.
- Set the IADsAccessControlEntry.Flags property to ADS_FLAG_OBJECT_TYPE_PRESENT.
Be aware that you should not set the ADS_RIGHT_DS_CONTROL_ACCESS flag in the IADsAccessControlEntry.AccessMask property. This flag is only used to specify a control access right.
For more information and a code example that can be used to set access rights for a property set, see Example Code for Setting Permissions on a Group of Properties.
For more information about creating an ACE, see Setting Access Rights on an Object.
For more information and a code example that can be used to set an ACE for a property set, see Example Code for Setting an ACE on a Directory Object.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for