please dont rip this site Prev Next

AccessCheck info  Overview  Group

The AccessCheck function is used by a server application to check a clientís access to an object against the access control associated with the object.

BOOL AccessCheck(

    PSECURITY_DESCRIPTOR pSecurityDescriptor,

// pointer to security descriptor

    HANDLE ClientToken,

// handle to client access token

    DWORD DesiredAccess,

// access mask to request

    PGENERIC_MAPPING GenericMapping,

// address of generic-mapping structure

    PPRIVILEGE_SET PrivilegeSet,

// address of privilege-set structure

    LPDWORD PrivilegeSetLength,

// size of privilege-set structure

    LPDWORD GrantedAccess,

// address of granted access mask

    LPBOOL AccessStatus 

// address of flag indicating whether access granted



Pointer to a SECURITY_DESCRIPTOR structure against which access is checked.
Identifies an access token representing a client attempting to gain access.

This handle must be obtained from a communications session layer ¾ for instance, a named pipe ¾ to prevent possible security policy violations.

Specifies the access mask to be requested. This mask must have been mapped by the MapGenericMask function to contain no generic access rights.
Pointer to the GENERIC_MAPPING structure associated with the object for which access is being checked.
Pointer to a PRIVILEGE_SET structure that the function fills with any privileges used to perform the access validation. If no privileges were used, the buffer contains a privilege set consisting of zero privileges.
Specifies the size, in bytes, of the buffer pointed to by the PrivilegeSet parameter.
Pointer to a variable the function fills with an access mask indicating which access rights were granted. If the function fails, this access mask is not supplied.
Pointer to a flag indicating the success or failure of the access check. If AccessStatus is TRUE, the access token has the requested access to the object. If AccessStatus is FALSE, the access token does not have the requested access. When this parameter is FALSE, the application can use the GetLastError function to get extended error information.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.


The AccessCheck function compares the specified security descriptor with the specified access token and indicates, in the AccessStatus parameter, whether access is granted or denied. If access is granted, the requested access mask becomes the objectís granted access mask.

Only the discretionary access-control list is examined during an access check.

See Also

AccessCheckAndAuditAlarm, AreAllAccessesGranted, AreAnyAccessesGranted, GENERIC_MAPPING, MapGenericMask, PrivilegeCheck, PRIVILEGE_SET, SECURITY_DESCRIPTOR

file: /Techref/os/win/api/win32/func/src/f00_14.htm, 6KB, , updated: 2000/4/7 12:19, local time: 2024/6/18 10:43,

 ©2024 These pages are served without commercial sponsorship. (No popup ads, etc...).Bandwidth abuse increases hosting cost forcing sponsorship or shutdown. This server aggressively defends against automated copying for any reason including offline viewing, duplication, etc... Please respect this requirement and DO NOT RIP THIS SITE. Questions?
Please DO link to this page! Digg it! / MAKE!

<A HREF=""> AccessCheck</A>

After you find an appropriate page, you are invited to your to this massmind site! (posts will be visible only to you before review) Just type a nice message (short messages are blocked as spam) in the box and press the Post button. (HTML welcomed, but not the <A tag: Instead, use the link box to link to another page. A tutorial is available Members can login to post directly, become page editors, and be credited for their posts.

Link? Put it here: 
if you want a response, please enter your email address: 
Attn spammers: All posts are reviewed before being made visible to anyone other than the poster.
Did you find what you needed?


Welcome to!


Welcome to!