IAzAuthorizationStore interface (azroles.h)

The AzAuthorizationStore object defines the container that is the root of the authorization policy store.

Inheritance

The IAzAuthorizationStore interface inherits from the IUnknown interface. IAzAuthorizationStore also has these types of members:

Methods

The IAzAuthorizationStore interface has these methods.

 
IAzAuthorizationStore::AddDelegatedPolicyUser

Adds the specified security identifier (SID) in text form to the list of principals that act as delegated policy users.
IAzAuthorizationStore::AddDelegatedPolicyUserName

Adds the specified account name to the list of principals that act as delegated policy users.
IAzAuthorizationStore::AddPolicyAdministrator

Adds the specified security identifier (SID) in text form to the list of principals that act as policy administrators.
IAzAuthorizationStore::AddPolicyAdministratorName

Adds the specified account name to the list of principals that act as policy administrators.
IAzAuthorizationStore::AddPolicyReader

Adds the specified security identifier (SID) in text form to the list of principals that act as policy readers.
IAzAuthorizationStore::AddPolicyReaderName

Adds the specified account name to the list of principals that act as policy readers.
IAzAuthorizationStore::AddPropertyItem

Adds the specified principal to the specified list of principals.
IAzAuthorizationStore::CloseApplication

Unloads a specified IAzApplication object from the cache.
IAzAuthorizationStore::CreateApplication

Creates an IAzApplication object with the specified name.
IAzAuthorizationStore::CreateApplicationGroup

Creates an IAzApplicationGroup object with the specified name.
IAzAuthorizationStore::Delete

Deletes the policy store currently in use by the AzAuthorizationStore object.
IAzAuthorizationStore::DeleteApplication

Removes the IAzApplication object with the specified name from the AzAuthorizationStore object.
IAzAuthorizationStore::DeleteApplicationGroup

Removes the IAzApplicationGroup object with the specified name from the AzAuthorizationStore object.
IAzAuthorizationStore::DeleteDelegatedPolicyUser

Removes the specified security identifier (SID) in text form from the list of principals that act as delegated policy users.
IAzAuthorizationStore::DeleteDelegatedPolicyUserName

Removes the specified account name from the list of principals that act as delegated policy users.
IAzAuthorizationStore::DeletePolicyAdministrator

Removes the specified security identifier (SID) in text form from the list of principals that act as policy administrators.
IAzAuthorizationStore::DeletePolicyAdministratorName

Removes the specified account name from the list of principals that act as policy administrators.
IAzAuthorizationStore::DeletePolicyReader

Removes the specified security identifier (SID) in text form from the list of principals that act as policy readers.
IAzAuthorizationStore::DeletePolicyReaderName

Removes the specified account name from the list of principals that act as policy readers.
IAzAuthorizationStore::DeletePropertyItem

Removes the specified principal from the specified list of principals.
IAzAuthorizationStore::get_ApplicationData

Sets or retrieves an opaque field that can be used by the application to store information.
IAzAuthorizationStore::get_ApplicationGroups

Retrieves an IAzApplicationGroups object that is used to enumerate IAzApplicationGroup objects from the policy data.
IAzAuthorizationStore::get_Applications

Retrieves an IAzApplications object that is used to enumerate IAzApplication objects from the policy store.
IAzAuthorizationStore::get_ApplyStoreSacl

Sets or retrieves a value that indicates whether policy audits should be generated when the authorization store is modified.
IAzAuthorizationStore::get_DelegatedPolicyUsers

Retrieves the security identifiers (SIDs) of principals that act as delegated policy users in text form.
IAzAuthorizationStore::get_DelegatedPolicyUsersName

Retrieves the account names of principals that act as delegated policy users.
IAzAuthorizationStore::get_Description

Sets or retrieves a comment that describes the operation.
IAzAuthorizationStore::get_DomainTimeout

Sets or retrieves the time in milliseconds after which a domain is determined to be unreachable.
IAzAuthorizationStore::get_GenerateAudits

Sets or retrieves a value that indicates whether run-time audits should be generated.
IAzAuthorizationStore::get_MaxScriptEngines

Sets or retrieves the maximum number of Business Rule (BizRule) script engines that will be cached.
IAzAuthorizationStore::get_PolicyAdministrators

Retrieves the security identifiers (SIDs) of principals that act as policy administrators in text form.
IAzAuthorizationStore::get_PolicyAdministratorsName

Retrieves the account names of principals that act as policy administrators.
IAzAuthorizationStore::get_PolicyReaders

Retrieves the security identifiers (SIDs) of principals that act as policy readers in text form.
IAzAuthorizationStore::get_PolicyReadersName

Retrieves the account names of principals that act as policy readers.
IAzAuthorizationStore::get_ScriptEngineTimeout

Sets or retrieves the time in milliseconds that the IAzClientContext::AccessCheck method will wait for a Business Rule (BizRule) to complete execution before canceling it.
IAzAuthorizationStore::get_TargetMachine

Retrieves the name of the computer on which account resolution should occur.
IAzAuthorizationStore::get_Writable

Retrieves a value that indicates whether the object can be modified by the user context that called the Initialize method.
IAzAuthorizationStore::GetProperty

Returns the AzAuthorizationStore object property with the specified property ID.
IAzAuthorizationStore::Initialize

Initializes the authorization manager.
IAzAuthorizationStore::OpenApplication

Opens the IAzApplication object with the specified name.
IAzAuthorizationStore::OpenApplicationGroup

Opens an IAzApplicationGroup object by specifying its name.
IAzAuthorizationStore::put_ApplicationData

Sets or retrieves an opaque field that can be used by the application to store information.
IAzAuthorizationStore::put_ApplyStoreSacl

Sets or retrieves a value that indicates whether policy audits should be generated when the authorization store is modified.
IAzAuthorizationStore::put_Description

Sets or retrieves a comment that describes the operation.
IAzAuthorizationStore::put_DomainTimeout

Sets or retrieves the time in milliseconds after which a domain is determined to be unreachable.
IAzAuthorizationStore::put_GenerateAudits

Sets or retrieves a value that indicates whether run-time audits should be generated.
IAzAuthorizationStore::put_MaxScriptEngines

Sets or retrieves the maximum number of Business Rule (BizRule) script engines that will be cached.
IAzAuthorizationStore::put_ScriptEngineTimeout

Sets or retrieves the time in milliseconds that the IAzClientContext::AccessCheck method will wait for a Business Rule (BizRule) to complete execution before canceling it.
IAzAuthorizationStore::SetProperty

Sets the specified value to the AzAuthorizationStore object property with the specified property ID.
IAzAuthorizationStore::Submit

Persists changes made to the AzAuthorizationStore object.
IAzAuthorizationStore::UpdateCache

Updates the cache of objects and object attributes to match the underlying policy store.

Remarks

The AzAuthorizationStore object is named according to the URL passed to the Initialize method. The object has no name within the policy store.

The application must ensure that the user context from which the Initialize method is called is used for all future access to the AzAuthorizationStore object, except for the IAzApplication::InitializeClientContextFromToken method.

Note  If an XML store is used over a network, the traffic is not automatically encrypted. IPsec can be used to encrypt the authorization information in transit.
 

Requirements

   
Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header azroles.h
Redistributable Windows Server 2003 Administration Tools Pack on Windows XP