NWDSGetEffectiveRights

Returns a summary of a subject’s rights with respect to operations on a specified object or an attribute of an object.

Local Servers:blocking

Remote Servers:blocking

NetWare Server:4.x, 5.x, 6.x

Platform:NLM, Windows NT, Windows 95, Windows 98, Windows 2000, Windows XP

Library:Cross-Platform NDS (NET*.*)

Service:NDS

Syntax

C

  #include <nwnet.h> 
  or 
  #include <nwdsacl.h> 
   
  N_EXTERN_LIBRARY (NWDSCCODE)  NWDSGetEffectiveRights  ( 
     NWDSContextHandle   context,  
     pnstr8              subjectName,  
     pnstr8              objectName,  
     pnstr8              attrName,  
     pnuint32            privileges);

Pascal

  uses netwin32 
   
  Function NWDSGetEffectiveRights 
    (context : NWDSContextHandle; 
     subjectName : pnstr8; 
     objectName : pnstr8; 
     attrName : pnstr8; 
     privileges : pnuint32 
  ) : NWDSCCODE;

Parameters

context: (IN) Specifies the NDS context for the request.
subjectName: (IN) Points to the name of the object to which the privileges are granted.
objectName: (IN) Points to the name of the object to which access may be granted.
attrName: (IN) Points to the name of the attribute to which access may be granted.
privileges: (OUT) Points to the privileges granted to subjectName (see Section 5.18, eDirectory Access Control Rights).

Return Values

These are common return values.

0x0000 0000	SUCCESSFUL
0x8996	SERVER_OUT_OF_MEMORY
0x89E2	TOO_FEW_FRAGMENTS
0x89E3	TOO_MANY_FRAGMENTS
0x89E4	PROTOCOL_VIOLATION
0x89E5	SIZE_LIMIT_EXCEEDED
0x89FD	UNKNOWN_REQUEST
0x89FD	INVALID_PACKET_LENGTH
0x89FE	BAD_PACKET
0x89FF	Failure not related to eDirectory
nonzero value	Nonzero values indicate errors. See NDS Return Values (–001 to –799).

Remarks

If the return value is ERROR_NO_SUCH_ENTRY, no privilege set exists for the specified subject/object pair, and the subject has no rights with respect to the object. It can also indicate the object does not exist.

If the object exists but the subject does not exist, NWDSGetEffectiveRights returns a value of SUCCESSFUL and privileges is set to NULL.

Access to information about objects stored in eDirectory is granted through access control lists (ACLs). The ACL is an attribute defined by the eDirectory schema and regulates access to its associated object or attribute. The ACL can be read or modified by calling NWDSRead and NWDSModifyObject. Likewise, other access operations can be applied to the ACL.

The ACL grants access privileges to a specified object, called the subject, regarding the object the ACL protects. Optionally, privileges may be granted with respect to a specified attribute of the protected object.

A subject can inherit access to an object through various security equivalences. NWDSGetEffectiveRights provides a summary of all cases where a particular subject may receive access to a particular object. (The value for individual ACLs can be read or modified using the standard Access Services.)

The subject can be the name of the objects in eDirectory, or it can be one of the following "special" subjects:

       [Creator] 
       [Public] 
       [Root] 
       [Self]

The [Inheritance Mask] special subject cannot be used. NWDSGetEffectiveRights will return -601, ERR_NO_SUCH_ENTRY, when trying to get the inheritance mask for a container or user.

The attrName parameter specifies an attribute of the object for which the effective rights of the subject are requested. The attribute can also be one of the following "special" attribute names:

      [All Attributes Rights] 
      [Entry Rights]

NCP Calls

0x2222 23 17 Get File Server Information
0x2222 23 22 Get Station’s Logged Info (old)
0x2222 23 28 Get Station’s Logged Info
0x2222 104 01 Ping for eDirectory NCP
0x2222 104 02 Send eDirectory Fragmented Request/Reply