NWDSGetEffectiveRights(3nw)


NWDSGetEffectiveRights -- returns a summary of a subject's rights with respect to operations on a specified object or an attribute of an object

Synopsis

   #include <nwnet.h> 
   or 
   #include <nwdsacl.h> 
   

NWDSCCODE N_API NWDSGetEffectiveRights (NWDSContextHandle context, pnstr8 subjectName, pnstr8 objectName, pnstr8 attrName, pnuint32 privileges);

Description

The parameters are as follows:

context
(IN) Specifies the Directory context for the request.

subjectName
(IN) Points to the name of the object to which the privileges are assigned.

objectName
(IN) Points to the name of the object to which access may be granted.

attrName
(IN) Points to the name of the attribute to which access may be granted.

privileges
(OUT) Points to the privileges assigned to subjectName.

Return values

0x0000
SUCCESSFUL

Negative Value
Negative values indicate errors. For errors returned by Directory Services, see ``Directory Services OS Errors'' (-001 to -255), ``Directory Services Client Library Errors'' (-301 to -399), or ``Directory Services Agent in the Server Errors'' (-601 to -699).

0x8996
SERVER_OUT_OF_MEMORY

0x89E2
TOO_FEW_FRAGMENTS

0x89E3
TOO_MANY_FRAGMENTS

0x89E4
PROTOCOL_VIOLATION

0x89E5
SIZE_LIMIT_EXCEEDED

0x89F
DUNKNOWN_REQUEST

0x89FD
INVALID_PACKET_LENGTH

0x89FE
BAD_PACKET

0x89FF
Failure not related to Directory Services

Notices

If the return value is ERROR_NO_SUCH_ENTRY, no privilege set exists for the specified subject/object pair, and the subject has no rights with respect to the object. It can also indicate the object does not exist.

If the object exists but the subject does not exist, NWDSGetEffectiveRights returns a value of SUCCESSFUL and privileges is set to NULL.

Access to information about objects stored in the Directory is granted through access control lists ACL). The ACL is an attribute defined by the Directory Services Schema and regulates access to its associated object or attribute. The ACL can be read or modified by calling NWDSRead and NWDSModifyObject. Likewise, other access operations can be applied to the ACL.

The ACL grants access privileges to a specified object, called the subject, regarding the object the ACL protects. Optionally, privileges may be granted with respect to a specified attribute of the protected object. (For details about the ACL attribute, see NetWare Directory Services Schema Specification.

A subject can inherit access to an object through various security equivalences. NWDSGetEffectiveRights provides a summary of all cases where a particular subject may receive access to a particular object. (The value for individual ACLs can be read or modified using the standard Access Services.)

The subject can be the name of the objects in the Directory, or it can be one of the following ``special'' subjects:

Special Subjects 
     [Creator] 
     [Inheritance Mask] 
     [Public] 
     [Root] 
     [Self] 

attrName specifies an attribute of the object for which the effective rights of the subject are requested. The attribute can also be one of the following ``special'' attribute names:

Special Attribute Names 
     [All Attribute Rights] 
     [Entry Rights] 
     [SMS Rights] 

privileges returns the effective privilege set for subject/object or subject/attribute pair. Defined privileges follow:

All Attribute Rights

0x00000001L
DS_ATTR_COMPARE

0x00000002L
DS_ATTR_READ

0x00000004L
DS_ATTR_WRITE

0x00000008L
DS_ATTR_SELF

0x00000010L
DS_ATTR_SUPERVISOR

0x00000008L
DS_ATTR_SELF

Entry Rights

0x00000001L
DS_ENTRY_BROWSE

0x00000002L
DS_ENTRY_ADD

0x00000004L
DS_ENTRY_DELETE

0x00000008L
DS_ENTRY_RENAME

0x00000010L
DS_ENTRY_SUPERVISOR
[SMS Rights] 
     DS_SMS_SCAN            0x00000001L 
     DS_SMS_BACKUP          0x00000002L 
     DS_SMS_RESTORE         0x00000004L 
     DS_SMS_RENAME          0x00000008L 
     DS_SMS_DELETE          0x00000010L 
     DS_SMS_ADMIN           0x00000020L 

Services

Directory

NCP calls

0x2222 23 17
Get File Server Information

0x2222 23 22
Get Station's Logged Info (old)

0x2222 23 28
Get Station's Logged Info

0x2222 104 01
Ping for NDS NCP

0x2222 104 02
Send NDS Fragmented Request/Reply

30 January 1998
© 1998 The Santa Cruz Operation, Inc. All rights reserved.