IAzClientContext::AccessCheck method (azroles.h)

The AccessCheck method determines whether the current client context is allowed to perform the specified operations.

Syntax

HRESULT AccessCheck(
  BSTR    bstrObjectName,
  VARIANT varScopeNames,
  VARIANT varOperations,
  VARIANT varParameterNames,
  VARIANT varParameterValues,
  VARIANT varInterfaceNames,
  VARIANT varInterfaceFlags,
  VARIANT varInterfaces,
  VARIANT *pvarResults
);

Parameters

bstrObjectName

The name of the accessed object. This string is used in audits.

varScopeNames

A variant that contains either a SAFEARRAY or the JScript Array object. Each element of the array holds a VT_BSTR that contains the name of a scope that the object specified by the bstrObjectName parameter matches. The array can contain only one element. To use the default application level scope, set the first entry in the array to an empty string ("") or VT_EMPTY, or pass VT_EMPTY in to this parameter.

varOperations

The operations for which access by the client context is checked. This is a variant that contains either a SAFEARRAY or the JScript Array object. Each element of the array holds a VT_I2 or VT_I4 that represents the OperationID property of an IAzOperation object in the IAzApplication policy.

varParameterNames

The names of the parameters available to business rules (BizRules) through the AzBizRuleContext::GetParameter method. This is a variant that contains either a SAFEARRAY or the JScript Array object. Each element of the array holds a VT_BSTR that contains a parameter name. This array must be sorted alphabetically by the caller; the sort order is as defined by a case-sensitive VarCmp. The order of the varParameterValues array must match the order of this array. The default value is VT_NULL.

varParameterValues

The values of the parameters that are available to business rules (BizRules) through the AzBizRuleContext::GetParameter method. This is a variant that contains either a SAFEARRAY or the JScript Array object. Each element of the array holds a value that corresponds to an element in the varParameterNames array. The default value is VT_NULL. The entries in the array can hold any type except VT_UNKNOWN and VT_DISPATCH.

varInterfaceNames

The names by which the interfaces in the varInterfaces array will be known in a BizRule script. This is a variant that contains either a SAFEARRAY or the JScript Array object. Each element of the array holds a string variant that contains an interface name. This method calls the IActiveScript::AddNamedItem method for each entry in the array. The default value is VT_NULL.

varInterfaceFlags

Flags that will be passed in the call to IActiveScript::AddNamedItem. This is a variant that contains either a SAFEARRAY or the JScript Array object. Each element of the array holds a VT_I4. The SCRIPTITEM_ISVISIBLE flag is implied; the SCRIPTITEM_ISPERSISTENT flag is ignored. Each entry in the array must match the corresponding element in the varInterfaceNames array. The default value is VT_NULL.

varInterfaces

The IDispatch interfaces that will be made available to the BizRule script. This is a variant that contains either a SAFEARRAY or the JScript Array object. Each element of the array holds an IDispatch interface. Each entry in the array must match the corresponding element in the varInterfaceNames array. The default value is VT_NULL.

pvarResults

A pointer to a VARIANT used to return a SAFEARRAY that contains the results of the access check. Each element of the SAFEARRAY is a VARIANT of type VT_I4. Each entry in the array matches the corresponding element in the varOperations array. If access to an operation is granted to the client context, a value of NO_ERROR is returned in the corresponding element in the pvarResults array. Any other value indicates that access to that operation is not granted. A typical value that indicates failure is ERROR_ACCESS_DENIED.

In JScript, the returned SAFEARRAY must be converted to the JScript Array object.

Return value

If the method succeeds, the method returns NO_ERROR.

If the method fails, it returns an HRESULT value that indicates the status of the method, not the result of the access check. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.

Return code/value Description
ERROR_FILE_CORRUPT
This error code can be returned if an Active Directory authorization store is used and the administration of the scope has been delegated. The task and role definitions within a delegated scope cannot have BizRules. If a task or role definition within a delegated scope contains a BizRule (this is possible if the store is corrupted), the AccessCheck method will fail.
OLESCRIPT_E_SYNTAX
The BizRule used to evaluate access contains a syntax error.

Remarks

If the RoleForAccessCheck property is defined in the client context, the AccessCheck method will be performed only on that role.

When this method is called, the application group membership is added to the client context so that it does not need to be recomputed for subsequent access checks on the same client context.

This method cannot be called by a BizRule.

Requirements

   
Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header azroles.h
Library Azroles.lib
DLL Azroles.dll
Redistributable Windows Server 2003 Administration Tools Pack on Windows XP