Setting Permissions on Child Object Operations

Permissions, such as Create Child and Delete Child, can also be granted or denied for operations on all subobjects or subobjects of a specific class.

The following procedure can be used to set permissions for a specific subobject type.

To set permissions for a specific subobject type

  1. Set the IADsAccessControlEntry.AceType property to ADS_ACETYPE_ACCESS_ALLOWED_OBJECT or ADS_ACETYPE_ACCESS_DENIED_OBJECT.
  2. Set the IADsAccessControlEntry.ObjectType property to the GUID for the object class. This is the schemaIDGUID property of the classSchema object that defines the object class. If the ObjectType property is NULL, the ACE applies to subobjects of any class.
  3. Set the IADsAccessControlEntry.Flags property to ADS_FLAG_OBJECT_TYPE_PRESENT.
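
The three steps above, carried through in PowerShell against the ADSI COM interfaces, as an added example that is not part of the original page. The OU path, the trustee name and the choice of the user class are assumptions made for illustration.

```powershell
# Added example. The OU path and trustee are placeholders (assumptions); replace before use.
$ouPath  = 'LDAP://OU=Staff,DC=example,DC=com'
$trustee = 'EXAMPLE\HelpDesk'

# ADSI enumeration values used below
$ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = 0x5   # use 0x6 (ADS_ACETYPE_ACCESS_DENIED_OBJECT) to deny
$ADS_FLAG_OBJECT_TYPE_PRESENT      = 0x1
$ADS_RIGHT_DS_CREATE_CHILD         = 0x1
$ADS_RIGHT_DS_DELETE_CHILD         = 0x2

# ObjectType value: read schemaIDGUID from the classSchema object of the "user" class
$rootDse   = [ADSI]'LDAP://RootDSE'
$schemaNC  = "$($rootDse.schemaNamingContext)"
$class     = [ADSI]"LDAP://CN=User,$schemaNC"
$bytes     = [byte[]]$class.Properties['schemaIDGUID'].Value
$classGuid = (New-Object Guid (,$bytes)).ToString('B')   # "{xxxxxxxx-xxxx-...}" string form

# Build the object ACE: steps 1 to 3 of the procedure, plus trustee and rights
$ace = New-Object -ComObject AccessControlEntry
$ace.Trustee    = $trustee
$ace.AccessMask = $ADS_RIGHT_DS_CREATE_CHILD -bor $ADS_RIGHT_DS_DELETE_CHILD
$ace.AceType    = $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
$ace.ObjectType = $classGuid
$ace.Flags      = $ADS_FLAG_OBJECT_TYPE_PRESENT
$ace.AceFlags   = 0   # no inheritance flags: the ACE applies to this container only

# Add the ACE to the container's DACL and write the security descriptor back
$ou   = [ADSI]$ouPath
$sd   = $ou.psbase.InvokeGet('ntSecurityDescriptor')
$dacl = $sd.DiscretionaryAcl
$dacl.AddAce($ace)
$sd.DiscretionaryAcl = $dacl
$ou.psbase.InvokeSet('ntSecurityDescriptor', $sd)
$ou.psbase.CommitChanges()

# Check: re-read the DACL and list allow-object ACEs that carry Create/Delete Child
$check = ([ADSI]$ouPath).psbase.InvokeGet('ntSecurityDescriptor')
foreach ($a in $check.DiscretionaryAcl) {
    if ($a.AceType -eq $ADS_ACETYPE_ACCESS_ALLOWED_OBJECT -and ($a.AccessMask -band 0x3)) {
        '{0}  {1}  mask=0x{2:X}' -f $a.Trustee, $a.ObjectType, $a.AccessMask
    }
}
```

The read-back loop is also a quick way to review which trustees already hold class-scoped Create Child or Delete Child rights on a container before granting more.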

For more information and a procedure for creating an ACE, see Setting Access Rights on an Object.

For more information and a code example that can be used to set an ACE that controls child object operations, see Example Code for Setting an ACE on a Directory Object.