Defining Groups of Users in C++
In Authorization Manager, an IAzApplicationGroup object represents a group of users. Roles can then be assigned to this group of users collectively. An IAzApplicationGroup object can also include other IAzApplicationGroup objects as members. For more information about application groups, see Users and Groups.
A group can be defined either by explicit lists of members and nonmembers, or by a Lightweight Directory Access Protocol (LDAP) query. The following examples show how to create each type of application group:
Creating a Basic Group
A basic application group is defined by the members included in the Members and NonMembers properties of the IAzApplicationGroup object that represents the group. Users and groups listed in the Members property are included in the application group, and users and groups listed in the NonMembers property are excluded from the application group. Being listed in the NonMembers property supersedes being listed in the Members property.
The following example shows how to create a basic application group and add all local users as members of that group. The example assumes that there is an existing XML policy store named MyStore.xml in the root directory of drive C.
#ifndef _WIN32_WINNT
#define _WIN32_WINNT 0x0502
#endif
#pragma comment(lib, "duser.lib")
#include <windows.h>
#include <stdio.h>
#include <azroles.h>
#include <objbase.h>
void main(void){
IAzAuthorizationStore* pStore = NULL;
IAzApplicationGroup* pAppGroup = NULL;
HRESULT hr;
void MyHandleError(char *s);
BSTR storeName = NULL;
BSTR groupName = NULL;
BSTR sidString = NULL;
// Initialize COM.
hr = CoInitializeEx(NULL, COINIT_MULTITHREADED);
if (!(SUCCEEDED(hr)))
MyHandleError("Could not initialize COM.");
// Create the AzAuthorizationStore object.
hr = CoCreateInstance(
/*"b2bcff59-a757-4b0b-a1bc-ea69981da69e"*/
__uuidof(AzAuthorizationStore),
NULL,
CLSCTX_ALL,
/*"edbd9ca9-9b82-4f6a-9e8b-98301e450f14"*/
__uuidof(IAzAuthorizationStore),
(void**)&pStore);
if (!(SUCCEEDED(hr)))
MyHandleError("Could not create AzAuthorizationStore object.");
// Create null VARIANT for parameters.
VARIANT myVar;
VariantInit(&myVar);
// Allocate a string for the name of the store.
if(!(storeName = SysAllocString(L"msxml://c:\\MyStore.xml")))
MyHandleError("Could not allocate string.");
// Initialize the store.
hr = pStore->Initialize(AZ_AZSTORE_FLAG_MANAGE_STORE_ONLY,
storeName, myVar);
if (!(SUCCEEDED(hr)))
MyHandleError("Could not initialize store.");
// Create an application group object.
if (!(groupName = SysAllocString(L"Trusted Users")))
MyHandleError("Could not allocate group name string");
hr = pStore->CreateApplicationGroup(groupName, myVar, &pAppGroup);
if (!(SUCCEEDED(hr)))
MyHandleError("Could not create application group.");
// Add well-known SID for all local users to the group.
if (!(sidString = SysAllocString(L"S-1-2-0")))
MyHandleError("Could not allocate SID string name");
hr = pAppGroup->AddMember(sidString, myVar);
if (!(SUCCEEDED(hr)))
MyHandleError("Could not add member to group");
// Save changes to the store.
pAppGroup->Submit(0, myVar);
// Clean up resources.
pStore->Release();
pAppGroup->Release();
SysFreeString(storeName);
SysFreeString(groupName);
SysFreeString(sidString);
VariantClear(&myVar);
CoUninitialize();
}
void MyHandleError(char *s)
{
printf("An error occurred in running the program.\n");
printf("%s\n",s);
printf("Error number %x\n.",GetLastError());
printf("Program terminating.\n");
exit(1);
}
Creating an LDAP Query Group
An LDAP query group has a membership defined by the query contained in the value of its LdapQuery property.
The following example shows how to create an LDAP query application group and add all users as members of that group. The example assumes that there is an existing XML policy store named MyStore.xml in the root directory of drive C.
#ifndef _WIN32_WINNT
#define _WIN32_WINNT 0x0502
#endif
#pragma comment(lib, "duser.lib")
#include <windows.h>
#include <stdio.h>
#include <azroles.h>
#include <objbase.h>
void main(void){
IAzAuthorizationStore* pStore = NULL;
IAzApplicationGroup* pAppGroup = NULL;
HRESULT hr;
void MyHandleError(char *s);
BSTR storeName = NULL;
BSTR groupName = NULL;
BSTR ldapString = NULL;
// Initialize COM.
hr = CoInitializeEx(NULL, COINIT_MULTITHREADED);
if (!(SUCCEEDED(hr)))
MyHandleError("Could not initialize COM.");
// Create the AzAuthorizationStore object.
hr = CoCreateInstance(
/*"b2bcff59-a757-4b0b-a1bc-ea69981da69e"*/
__uuidof(AzAuthorizationStore),
NULL,
CLSCTX_ALL,
/*"edbd9ca9-9b82-4f6a-9e8b-98301e450f14"*/
__uuidof(IAzAuthorizationStore),
(void**)&pStore);
if (!(SUCCEEDED(hr)))
MyHandleError("Could not create AzAuthorizationStore object.");
VARIANT myVar;
myVar.vt = VT_NULL;
// Allocate a string for the name of the store.
if(!(storeName = SysAllocString(L"msxml://c:\\MyStore.xml")))
MyHandleError("Could not allocate string.");
// Initialize the store.
hr = pStore->Initialize(AZ_AZSTORE_FLAG_MANAGE_STORE_ONLY,
storeName, myVar);
if (!(SUCCEEDED(hr)))
MyHandleError("Could not initialize store.");
// Create an application group object.
if (!(groupName = SysAllocString(L"Trusted Users3")))
MyHandleError("Could not allocate group name string");
hr = pStore->CreateApplicationGroup(groupName, myVar, &pAppGroup);
if (!(SUCCEEDED(hr)))
MyHandleError("Could not create application group.");
// Set the Type property to AZ_GROUPTYPE_LDAP_QUERY.
hr = pAppGroup->put_Type(AZ_GROUPTYPE_LDAP_QUERY);
if (!(SUCCEEDED(hr)))
MyHandleError("Error changing type to LDAP query");
// Add LDAP query for all users.
if (!(ldapString =
SysAllocString(L"(&(objectCategory=person)(objectClass=user))")))
MyHandleError("Could not allocate LDAP query string");
hr = pAppGroup->put_LdapQuery(ldapString);
if (!(SUCCEEDED(hr)))
MyHandleError("Could not add query to group");
// Save changes to the store.
hr = pAppGroup->Submit(0, myVar);
if (!(SUCCEEDED(hr)))
MyHandleError("Could not save changes to store.");
// Clean up resources.
pStore->Release();
pAppGroup->Release();
SysFreeString(storeName);
SysFreeString(groupName);
SysFreeString(ldapString);
CoUninitialize();
}
void MyHandleError(char *s)
{
printf("An error occurred in running the program.\n");
printf("%s\n",s);
printf("Error number %x\n.",GetLastError());
printf("Program terminating.\n");
exit(1);
}
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for