|
Denying Access
You can deny all access to an object by adding an empty discretionary
access-control list (DACL) to the object's security descriptor. An empty DACL has no
access-control entries (ACEs), which means that the DACL does not grant access to
anyone. Note that this is different from a security descriptor that has no
DACL; in that case, the system grants everyone full access to the object. You can
also prevent a specified trustee from gaining access to an object by using a
DACL that has one or more access-denied ACEs.
This topic includes examples that use the high-level access-control functions
that are new for Windows NT version 4.0. For an example that uses the older
low-level access control functions, see Denying Access Using Low-Level Functions.
The high-level examples use the SetEntriesInAcl function to create an ACL. Then they use the SetNamedSecurityInfo function to attach the ACL as the DACL of an object. Note that these examples
can work with a variety of named securable objects, such as files, registry
keys, and synchronization objects.
The first example shows how to add an empty DACL to an object's security
descriptor. The effect is to deny all access to the object.
DWORD SetEmptyDACL(LPTSTR lpObjectName, SE_OBJECT_TYPE ObjectType)
{
DWORD dwRes;
PACL pDacl;
if (NULL == lpObjectName)
return ERROR_INVALID_PARAMETER;
// create an ACL with no ACEs
dwRes = SetEntriesInAcl(0, NULL, NULL, &pDacl);
if (ERROR_SUCCESS != dwRes)
return dwRes;
// attach the emtpy ACL as the object's DACL
dwRes = SetNamedSecurityInfo(lpObjectName, ObjectType,
DACL_SECURITY_INFORMATION,
NULL, NULL, pDacl, NULL);
// free the buffer returned by SetEntriesInAcl
LocalFree(pDacl);
return dwRes;
}
You can modify this example to deny access to a specified trustee. The
following variation uses the BuildExplicitAccessWithName function to initialize an EXPLICIT_ACCESS structure with the data for an access-denied ACE. Then it uses the SetEntriesInAcl and SetNamedSecurityInfo functions to create the ACL and attach it to the object.
#include <aclapi.h>
DWORD dwRes;
PACL pDacl;
EXPLICIT_ACCESS ea;
// initialize an EXPLICIT_ACCESS structure to deny access
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
BuildExplicitAccessWithName(&ea,
"ludwig", // name of trustee
GENERIC_ALL, // type of access
DENY_ACCESS, // access mode
NO_INHERITANCE); // inheritance mode
// create an ACL with one access-denied ACE
dwRes = SetEntriesInAcl(1, &ea, NULL, &pDacl);
if (ERROR_SUCCESS != dwRes)
return dwRes;
// attach the ACL as the object's DACL
dwRes = SetNamedSecurityInfo(TEXT("myfile"), SE_FILE_OBJECT,
DACL_SECURITY_INFORMATION,
NULL, NULL, pDacl, NULL);
// free the buffer returned by SetEntriesInAcl
LocalFree(pDacl);
| Last news from Greatis Software |
 |
|
Nostalgia .Net |
|
.Net is powerful, but not all-powerful, so sometimes we need to use Win32 API for our .Net applications. It's simple enough with Platform Invoke if you have Win32 skill, but we do not always have time to dig the ancient documentation, declare the special types that are compatible with Win32, find the values of the Win32's constants and so on. Nostalgia .Net offers several simple-to-use classes, and components that will allow you to forget about the headache of Win32 and just use the power of Win32 in your application the same way as you use the native. Net classes. More » |
| Recommended software for developers |
 |
|
Ultimate Pack |
|
Component pack for Delphi and C++ Builder that contains runtime form designer, runtime object inspector, print suite and much more for the very special price. More » |
 |
|
Form Designer .Net |
|
Unique runtime form design solution that allows to edit any form in .Net WinForms application at runtime with full source codes for only 300 euro! More » |
 |
|
Print Suite .Net |
|
Print Suite .Net is a set of components for easy printing texts, images and grids from your WinForms applications. Full C# source codes are available More » |
 |
|
Gradient Controls .Net |
|
Gradient Controls .Net offers controls with gradient background feature. Labels, panels and so on... Full C# source codes are available More » |
 |
|
Greatis iGrid |
|
iGrid plots drawing grid right over your desktop, so you can use it everywhere, with any drawing application without any special plugins for different graphic editors. More » |
All the contacts and projectsDmitry Vasiliev (just.dmitry)
Related LinksSoftware for Visual Studio .NET developers
Software for Delphi and C++ Builder developers
Software for Visual Basic 6 developers
Delphi Tips&Tricks
MegaDetailed.NET More Online Helps Win32 Programmer's Reference
Win32 Multimedia Programmer's Reference
OLE Programmer's Reference
Microsoft Windows Pen API Programmer's Reference
Microsoft Windows Sockets 2 Reference
Microsoft Windows Telephony API (TAPI) Programmer's Reference
Unix Manual Pages
|
