Access Control Editor
The access control editor is a set of property sheets and property pages that enable the user to view and modify the components of an object's security descriptor. The editor consists of two main parts:
- A basic security property page that provides a simple interface for editing the access control entries (ACEs) in an object's discretionary access control list (DACL). This page can include an optional Advanced button that displays the advanced security property sheet.
- An advanced security property sheet with property pages that enable the user to edit the object's system access control list (SACL), change the object's owner, or perform advanced editing of the object's DACL.
The CreateSecurityPage function creates the basic security property page. You can then use the PropertySheet function or the PSM_ADDPAGE message to add this page to a property sheet.
Alternatively, you can use the EditSecurity function to display a property sheet that contains the basic security property page.
For both CreateSecurityPage and EditSecurity, the caller must pass a pointer to an implementation of the ISecurityInformation interface. The access control editor calls the methods of this interface to retrieve access control information about the object being edited and to pass the user's input back to your application. The ISecurityInformation methods have the following purposes:
- To initialize the property pages. Your implementation of the GetObjectInformation method passes an SI_OBJECT_INFO structure to the editor. This structure specifies the property pages that you want the editor to display and other information that determines the editing options available to the user.
- To provide security information about the object being edited. Your GetSecurity implementation passes the object's initial security descriptor to the editor. The GetAccessRights and MapGeneric methods provide information about the object's access rights. The GetInheritTypes method provides information about how the object's ACEs can be inherited by child objects.
- To pass the user's input back to your application. When the user clicks OK or Apply, the editor calls your SetSecurity method to pass back a security descriptor containing the user's changes.
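The job of MapGeneric and GetAccessRights described above, as an added example that is not part of the original documentation: portable C that models the generic-to-specific mapping for a file object and shows why an unmapped mask matches none of the named rights. The typedefs and constants are stand-ins that mirror winnt.h, the names `file_map`, `rights`, `map_generic` and `named_rights` are hypothetical, and the matching rule is a simplified assumption rather than the editor's documented behavior.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins that mirror winnt.h so this builds without the
   Windows SDK; a real ISecurityInformation uses the SDK definitions. */
typedef uint32_t ACCESS_MASK;
#define GENERIC_READ    0x80000000u
#define GENERIC_WRITE   0x40000000u
#define GENERIC_EXECUTE 0x20000000u
#define GENERIC_ALL     0x10000000u
typedef struct {
    ACCESS_MASK GenericRead, GenericWrite, GenericExecute, GenericAll;
} GENERIC_MAPPING;

/* File-object mapping: FILE_GENERIC_READ/WRITE/EXECUTE and FILE_ALL_ACCESS. */
static const GENERIC_MAPPING file_map = {
    0x00120089u, 0x00120116u, 0x001200A0u, 0x001F01FFu };

/* Hypothetical name table of the kind GetAccessRights hands to the editor. */
static const struct { ACCESS_MASK mask; const char *name; } rights[] = {
    { 0x001F01FFu, "Full control" }, { 0x00120089u, "Read" },
    { 0x00120116u, "Write" },        { 0x001200A0u, "Execute" } };
enum { N_RIGHTS = sizeof rights / sizeof rights[0] };

/* What MapGeneric has to do (same semantics as MapGenericMask): expand
   each generic bit into specific rights, then clear the generic bits. */
ACCESS_MASK map_generic(ACCESS_MASK mask, const GENERIC_MAPPING *m)
{
    if (mask & GENERIC_READ)    mask |= m->GenericRead;
    if (mask & GENERIC_WRITE)   mask |= m->GenericWrite;
    if (mask & GENERIC_EXECUTE) mask |= m->GenericExecute;
    if (mask & GENERIC_ALL)     mask |= m->GenericAll;
    return mask & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}

/* Simplified model (assumption): a named right counts as granted when the
   ACE mask contains all of its bits. Bit i of the result is rights[i]. */
unsigned named_rights(ACCESS_MASK ace_mask)
{
    unsigned shown = 0;
    for (unsigned i = 0; i < N_RIGHTS; i++)
        if ((ace_mask & rights[i].mask) == rights[i].mask) shown |= 1u << i;
    return shown;
}

int main(void)
{
    ACCESS_MASK raw = GENERIC_READ | GENERIC_EXECUTE;  /* constructed ACE mask */
    ACCESS_MASK mapped = map_generic(raw, &file_map);
    printf("raw    0x%08X -> names 0x%X\n", (unsigned)raw, named_rights(raw));
    printf("mapped 0x%08X -> names 0x%X\n", (unsigned)mapped, named_rights(mapped));
    return 0;
}
```

On Windows, a MapGeneric implementation would normally call MapGenericMask with the object type's real GENERIC_MAPPING instead of a hand-written helper.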