NAME
DL_GetDbAcl, CSSM_DL_GetDbAcl - Get ACL description (CDSA)
SYNOPSIS
# include <cssm.h>
API:
CSSM_RETURN CSSMAPI CSSM_DL_GetDbAcl
(CSSM_DL_DB_HANDLE DLDBHandle,
const CSSM_STRING *SelectionTag,
uint32 *NumberOfAclInfos,
CSSM_ACL_ENTRY_INFO_PTR *AclInfos)
SPI:
CSSM_RETURN CSSMDLI DL_GetDbAcl
(CSSM_DL_DB_HANDLE DLDBHandle,
const CSSM_STRING *SelectionTag,
uint32 *NumberOfAclInfos,
CSSM_ACL_ENTRY_INFO_PTR *AclInfos)
LIBRARY
Common Security Services Manager library (CDSA$INCSSM300_SHR.EXE)
PARAMETERS
DLDBHandle (input)
The handle pair that identifies the Data Storage service
provider to perform this operation and the target data store
whose associated ACL entries are scanned and returned.
SelectionTag (input/optional)
A CSSM_STRING value matching the user-defined tag value
associated with one or more ACL entries for the target data
base. To retrieve a description of all ACL entries for the
target data base, this parameter must be NULL.
NumberOfAclInfos (output)
The number of entries in the AclInfos array. If no ACL entry
descriptions are returned, this value is zero.
AclInfos (output)
An array of CSSM_ACL_ENTRY_INFO structures. The unique handle
contained in each structure can be used during the current
attach session to reference the ACL entry for editing. The
structure is allocated by the service provider and must be
released by the caller when the structure is no longer needed.
If no ACL entry descriptions are returned, this value is NULL.
DESCRIPTION
This function returns a description of zero or more ACL entries managed
by the data storage service provider module and associated with the
target database identified by DLDBHandle.DBHandle. The optional input
SelectionTag restricts the returned descriptions to those ACL entries
with a matching EntryTag value. If a SelectionTag value is specified
and no matches are found, zero descriptions are returned. If no
SelectionTag is specified, a description of all ACL entries associated
with the target data base are returned by this function.
Each AclInfo structure contains:
· Public contents of an ACL entry
· ACL EntryHandle, which is a unique value defined and managed by
the service provider
The public ACL entry information returned by this function includes:
The subject type
A CSSM_LIST structure containing one element identifying the
type of subject stored in the ACL entry.
Delegation flag
A CSSM_BOOL value indicating whether the subject can delegate
the permissions recorded in Authorization
Authorization array
A CSSM_AUTHORIZATIONGROUP structure defining the set of
operations for which permission is granted to the Subject.
Validity period
A CSSM_ACL_VALIDITY_PERIOD structure containing two elements,
the start time and the stop time for which the ACL entry is
valid.
ACL entry tag
A CSSM_STRING containing a user-defined value associated with
the ACL entry.
RETURN VALUE
A CSSM_RETURN value indicating success or specifying a particular
error condition. The value CSSM_OK indicates success. All other
values represent an error condition.
ERRORS
Errors are described in the CDSA technical standard. See CDSA.
CSSMERR_DL_INVALID_DB_HANDLE
SEE ALSO
Books
Intel CDSA Application Developer's Guide (see CDSA)
Other Help Topics
Functions for the CSSM API:
CSSM_DL_ChangeDbAcl
Functions for the DL SPI:
DL_ChangeDbAcl