Returns a summary of a subject’s rights with respect to operations on a specified object or an attribute of an object.
#include <nwnet.h>
or
#include <nwdsacl.h>

N_EXTERN_LIBRARY (NWDSCCODE) NWDSGetEffectiveRights (
   NWDSContextHandle   context,
   pnstr8              subjectName,
   pnstr8              objectName,
   pnstr8              attrName,
   pnuint32            privileges);

uses netwin32

Function NWDSGetEffectiveRights
  (context : NWDSContextHandle;
   subjectName : pnstr8;
   objectName : pnstr8;
   attrName : pnstr8;
   privileges : pnuint32
) : NWDSCCODE;
context: (IN) Specifies the NDS context for the request.
subjectName: (IN) Points to the name of the object to which the privileges are granted.
objectName: (IN) Points to the name of the object to which access may be granted.
attrName: (IN) Points to the name of the attribute to which access may be granted.
privileges: (OUT) Points to the privileges granted to subjectName (see Section 5.18, eDirectory Access Control Rights).
These are common return values.
0x0000 0000 | SUCCESSFUL
0x8996 | SERVER_OUT_OF_MEMORY
0x89E2 | TOO_FEW_FRAGMENTS
0x89E3 | TOO_MANY_FRAGMENTS
0x89E4 | PROTOCOL_VIOLATION
0x89E5 | SIZE_LIMIT_EXCEEDED
0x89FD | UNKNOWN_REQUEST
0x89FD | INVALID_PACKET_LENGTH
0x89FE | BAD_PACKET
0x89FF | Failure not related to eDirectory
nonzero value | Nonzero values indicate errors. See
If the return value is ERROR_NO_SUCH_ENTRY, no privilege set exists for the specified subject/object pair, and the subject has no rights with respect to the object. It can also indicate the object does not exist.
If the object exists but the subject does not exist, NWDSGetEffectiveRights returns a value of SUCCESSFUL and privileges is set to NULL.
Access to information about objects stored in eDirectory is granted through access control lists (ACLs). The ACL is an attribute defined by the eDirectory schema and regulates access to its associated object or attribute. The ACL can be read or modified by calling NWDSRead and NWDSModifyObject. Likewise, other access operations can be applied to the ACL.
The ACL grants access privileges to a specified object, called the subject, regarding the object the ACL protects. Optionally, privileges may be granted with respect to a specified attribute of the protected object.
A subject can inherit access to an object through various security equivalences. NWDSGetEffectiveRights provides a summary of all cases where a particular subject may receive access to a particular object. (The value for individual ACLs can be read or modified using the standard Access Services.)
The subject can be the name of an object in eDirectory, or it can be one of the following "special" subjects:
[Creator] [Public] [Root] [Self]
The [Inheritance Mask] special subject cannot be used. NWDSGetEffectiveRights will return -601, ERR_NO_SUCH_ENTRY, when trying to get the inheritance mask for a container or user.
The attrName parameter specifies an attribute of the object for which the effective rights of the subject are requested. The attribute can also be one of the following "special" attribute names:
[All Attributes Rights] [Entry Rights]
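The following is an added example, not code from the NDK documentation. It shows one way to interpret the result of NWDSGetEffectiveRights so that the cases described above (the -601 return, a nonexistent subject with empty privileges, and transport errors) never read as a grant. The names evaluate_rights, check_subject, rights_verdict, RC_NO_SUCH_ENTRY and the HAVE_NDK build switch are hypothetical, and the required rights mask is supplied by the caller from the NDK's rights definitions.

```c
#include <stdint.h>

#ifdef HAVE_NDK                  /* hypothetical switch: build against the real NDK */
#include <nwnet.h>
#else                            /* stand-in types so the logic builds without the NDK */
typedef int32_t  NWDSCCODE;
typedef uint32_t nuint32;
#endif

#define RC_NO_SUCH_ENTRY (-601)  /* numeric value quoted on this page */

typedef enum { RIGHTS_GRANTED, RIGHTS_DENIED, RIGHTS_NO_ENTRY, RIGHTS_ERROR } rights_verdict;

/* Interpret one NWDSGetEffectiveRights result. `required` is the mask of
 * rights bits the caller needs. Only a clean success with every required
 * bit set counts as a grant; a failed lookup or an empty privilege set
 * can never be mistaken for access. */
rights_verdict evaluate_rights(NWDSCCODE ccode, nuint32 privileges, nuint32 required)
{
    if (ccode == RC_NO_SUCH_ENTRY)
        return RIGHTS_NO_ENTRY;  /* no privilege set, or the object does not exist */
    if (ccode != 0)
        return RIGHTS_ERROR;     /* server or transport failure: fail closed */
    if (required == 0)
        return RIGHTS_ERROR;     /* an empty mask would match anything: caller bug */
    return ((privileges & required) == required) ? RIGHTS_GRANTED : RIGHTS_DENIED;
}

#ifdef HAVE_NDK
/* Query the directory and classify the answer in one step. */
rights_verdict check_subject(NWDSContextHandle context, pnstr8 subjectName,
                             pnstr8 objectName, pnstr8 attrName, nuint32 required)
{
    nuint32 privileges = 0;      /* a nonexistent subject leaves no rights set */
    NWDSCCODE ccode = NWDSGetEffectiveRights(context, subjectName, objectName,
                                             attrName, &privileges);
    return evaluate_rights(ccode, privileges, required);
}
#endif
```

Keeping RIGHTS_NO_ENTRY separate from RIGHTS_DENIED lets an audit report flag subject/object pairs that have no privilege set, or name a missing object, apart from pairs that were evaluated and lack the right.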