HP Open Source Security for OpenVMS Volume 1: Common Data Security Architecture > CDSA API Functions

DL_GetDbAcl

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

NAME

CSSM_DL_GetDbAcl — Get ACL description (CDSA)

SYNOPSIS

# include <cssm.h>
API:
CSSM_RETURN CSSMAPI CSSM_DL_GetDbAcl
(CSSM_DL_DB_HANDLE DLDBHandle,
const CSSM_STRING *SelectionTag,
uint32 *NumberOfAclInfos,
CSSM_ACL_ENTRY_INFO_PTR *AclInfos)
SPI:
CSSM_RETURN CSSMDLI DL_GetDbAcl
(CSSM_DL_DB_HANDLE DLDBHandle,
const CSSM_STRING *SelectionTag,
uint32 *NumberOfAclInfos,
CSSM_ACL_ENTRY_INFO_PTR *AclInfos)

LIBRARY

Common Security Services Manager library (cdsa$incssm300_shr.exe)

PARAMETERS

DLDBHandle (input)
  

The handle pair that identifies the Data Storage service provider to perform this operation and the target data store whose associated ACL entries are scanned and returned.

SelectionTag (input/optional)
  

A CSSM_STRING value matching the user-defined tag value associated with one or more ACL entries for the target data base. To retrieve a description of all ACL entries for the target data base, this parameter must be NULL.

NumberOfAclInfos (output)
  

The number of entries in the AclInfos array. If no ACL entry descriptions are returned, this value is zero.

AclInfos (output)
  

An array of CSSM_ACL_ENTRY_INFO structures. The unique handle contained in each structure can be used during the current attach session to reference the ACL entry for editing. The structure is allocated by the service provider and must be released by the caller when the structure is no longer needed. If no ACL entry descriptions are returned, this value is NULL.

DESCRIPTION

This function returns a description of zero or more ACL entries managed by the data storage service provider module and associated with the target database identified by DLDBHandle.DBHandle. The optional input SelectionTag restricts the returned descriptions to those ACL entries with a matching EntryTag value. If a SelectionTag value is specified and no matches are found, zero descriptions are returned. If no SelectionTag is specified, a description of all ACL entries associated with the target data base are returned by this function.

Each AclInfo structure contains:

  • Public contents of an ACL entry

  • ACL EntryHandle, which is a unique value defined and managed by the service provider

The public ACL entry information returned by this function includes:

The subject type 

A CSSM_LIST structure containing one element identifying the type of subject stored in the ACL entry.

Delegation flag 

A CSSM_BOOL value indicating whether the subject can delegate the permissions recorded in Authorization.

Authorization array
  

A CSSM_AUTHORIZATIONGROUP structure defining the set of operations for which permission is granted to the Subject.

Validity period 

A CSSM_ACL_VALIDITY_PERIOD structure containing two elements, the start time and the stop time for which the ACL entry is valid.

ACL entry tag 

A CSSM_STRING containing a user-defined value associated with the ACL entry.

RETURN VALUE

A CSSM_RETURN value indicating success or specifying a particular error condition. The value CSSM_OK indicates success. All other values represent an error condition.

ERRORS

Errors are described in the CDSA Technical Standard. 

CSSMERR_DL_INVALID_DB_HANDLE

SEE ALSO

Books

Intel CDSA Application Developer's Guide

Online Help

Functions for the CSSM API:

CSSM_DL_ChangeDbAcl

Functions for the DL SPI:

DL_ChangeDbAcl



DL_FreeUniqueRecord
  		 


DL_GetDbNameFromHandle