Skip to content

Custom Authorization Wording

hewigovens edited this page Dec 27, 2013 · 1 revision

###Example  photo vmware_one_time_install_zps718069c6.png VMWare

 photo even_better_auth_example_zpsf8ce2d31.png

Apple EvenBetterAuthorizationSample


Creates or updates a right entry in the policy database.

OSStatus AuthorizationRightSet (
   AuthorizationRef authRef,
   const char *rightName,
   CFTypeRef rightDefinition,
   CFStringRef descriptionKey,
   CFBundleRef bundle,
   CFStringRef localeTableName
A valid authorization reference used to authorize modifications.
An ASCII character string representing the right name. The policy database does not accept wildcard right names.
Either a CFDictionary containing keys defining the rules or a CFString representing the name of another right whose rules you wish to duplicate. See Policy Database Constants for some possible values.
A CFString reference used as a key for looking up localized descriptions. If no localization is found, this is the description itself. This parameter is optional; pass NULL if you do not require it.
A bundle to get localizations from if not the main bundle. This parameter is optional; pass NULL if you do not require it.
A CFString representing a table name from which to get localizations. This parameter is optional; pass NULL if you have no localizations or you wish to use the localizations available in Localizable.strings.
Return Value
A result code. See “Authorization Services Result Codes.”

The right you create must be an explicit right with no wildcards. Wildcard rights are for use by system administrators for site configuration.

You can use this function to create a new right or modify an existing right. For example:

AuthorizationRightSet(NULL, "com.ifoo.ifax.send",
CFSTR(kAuthorizationRuleIsAdmin), CFSTR("Authorize sending  of a fax"), NULL, NULL);
adds a rule for letting administrators send faxes. This example creates a right named "com.ifoo.ifax.send" and sets the rules to require the user to be an administrator by using the kAuthorizationRuleIsAdmin constant. This example also sets a comment to let the system administrator know that the right authorizes administrators to send a fax.

Because the first parameter is NULL, a new AuthorizationRef object is created internally and disposed of. If you need to further use the AuthorizationRef object (for example, when calling AuthorizationExecuteWithPrivileges), you must explicitly create the object and pass it in as the first argument to AuthorizationRightSet, then free it with a call to AuthorizationFree.

To specify additional attributes for the right, you can pass an CFDictionary type in the rightDefinition parameter as shown in the following example.

CFStringRef keys[2] = {CFSTR(kRightRule), CFSTR(kRightComment)};
CFStringRef values[2] = {CFSTR(kAuthorizationRuleIsAdmin), CFSTR("authorizes  sending of 1 fax message")};
AuthorizationRef authRef;
CFDictionaryRef aDict;
aDict = CFDictionaryCreate(NULL, (void *)keys, (void *)values, 2,  &kCFCopyStringDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
AuthorizationCreate(NULL, NULL, 0, &authRef);
AuthorizationRightSet(authRef, "com.ifoo.ifax.send", aDict,  CFSTR("Authorize sending  of a fax"), NULL, NULL);
AuthorizationFree(authRef, kAuthorizationFlagDefaults);
This call creates the same right as before, but adds a specific right comment to the rules definition.

When you specify comments, you should be specific about what you need to authorize. For example, the means of proof required for kAuthorizationRuleAuthenticateAsAdmin (a username and password) should not be included here since that rule might be configured differently.

Available in OS X v10.3 and later.
Declared In
You can’t perform that action at this time.