#include <nwnet.h> or #include <nwdsacl.h>NWDSCCODE N_API NWDSGetEffectiveRights (NWDSContextHandle context, pnstr8 subjectName, pnstr8 objectName, pnstr8 attrName, pnuint32 privileges);
If the return value is ERROR_NO_SUCH_ENTRY, no privilege set exists for the specified subject/object pair, and the subject has no rights with respect to the object. It can also indicate the object does not exist.
If the object exists but the subject does not exist, NWDSGetEffectiveRights returns a value of SUCCESSFUL and privileges is set to NULL.
Access to information about objects stored in the Directory is granted through access control lists ACL). The ACL is an attribute defined by the Directory Services Schema and regulates access to its associated object or attribute. The ACL can be read or modified by calling NWDSRead and NWDSModifyObject. Likewise, other access operations can be applied to the ACL.
The ACL grants access privileges to a specified object, called the subject, regarding the object the ACL protects. Optionally, privileges may be granted with respect to a specified attribute of the protected object. (For details about the ACL attribute, see NetWare Directory Services Schema Specification.
A subject can inherit access to an object through various security equivalences. NWDSGetEffectiveRights provides a summary of all cases where a particular subject may receive access to a particular object. (The value for individual ACLs can be read or modified using the standard Access Services.)
The subject can be the name of the objects in the Directory, or it can be one of the following ``special'' subjects:
Special Subjects [Creator] [Inheritance Mask] [Public] [Root] [Self]
attrName specifies an attribute of the object for which the effective rights of the subject are requested. The attribute can also be one of the following ``special'' attribute names:
Special Attribute Names [All Attribute Rights] [Entry Rights] [SMS Rights]
privileges returns the effective privilege set for subject/object or subject/attribute pair. Defined privileges follow:
All Attribute Rights
Entry Rights
[SMS Rights] DS_SMS_SCAN 0x00000001L DS_SMS_BACKUP 0x00000002L DS_SMS_RESTORE 0x00000004L DS_SMS_RENAME 0x00000008L DS_SMS_DELETE 0x00000010L DS_SMS_ADMIN 0x00000020L
Directory