Discussion:
Access check for inherited permission
(too old to reply)
Tony Cheung
2006-10-18 10:22:14 UTC
Permalink
Hi all,

Currently I am using the AuthzAccessCheck API from the AzMan library to
perform effective permission checking on AD object. At the moment, it works
fine except I check for permission inheriting to child objects.

For example, I create a container (CN=Users,DC=domain,DC=com) and using ADSI
Edit to grant a user (Joe) to write description property of classStore
objects, ie.
Name: Domain\Joe
Apply onto: classStore objects
Permission: Write Description

Now, how should I construct the OBJECT_TYPE_LIST for AuthzAccessCheck so
that I can check if user Joe can write every classStore's description under
the domain.com/Users container?

Any help is greatly appreciated! Thanks in advance.


- Tony
T***@nospam.nospam
2006-10-19 01:29:22 UTC
Permalink
Any ideas?

Thanks.
Post by Tony Cheung
Hi all,
Currently I am using the AuthzAccessCheck API from the AzMan library to
perform effective permission checking on AD object. At the moment, it
works fine except I check for permission inheriting to child objects.
For example, I create a container (CN=Users,DC=domain,DC=com) and using
ADSI Edit to grant a user (Joe) to write description property of
classStore objects, ie.
Name: Domain\Joe
Apply onto: classStore objects
Permission: Write Description
Now, how should I construct the OBJECT_TYPE_LIST for AuthzAccessCheck so
that I can check if user Joe can write every classStore's description
under the domain.com/Users container?
Any help is greatly appreciated! Thanks in advance.
- Tony
Loading...