FPCSecurityRole Object

The FPCSecurityRole object represents a security role, or administrative role. An administrative role defines a set of rights, which authorize Windows users and groups to perform specific actions, such as administrative tasks.

Forefront TMG implements access control to all components of the configuration and monitoring information through the Windows security descriptors of the applicable objects. The discretionary access control list (DACL) in the security descriptor of each object defines the types of access, or permissions, that can be granted to users and groups and specifies the users and groups that have been granted each of the permissions defined.

When an administrative role is assigned to a user or group, Forefront TMG configures the DACL in the security descriptor of the corresponding objects to grant the permissions needed to perform the actions allowed by the role to the user or group. Forefront TMG also reconfigures the DACLs in the applicable security descriptors whenever the assignments of the administrative roles are modified or the Microsoft Forefront TMG Control service (isactrl) is restarted. The rights included in an administrative role are specified in the Definition property in XML format.

Forefront TMG has three predefined administrative roles within an array.

Users that belong to the Administrators group on an array member have the permissions associated with the Forefront TMG Array Administrator role. For more information about the specific permissions associated with each role, see the product documentation.

When an enterprise with central array management is deployed, Forefront TMG has two additional administrative roles for the enterprise configuration and for enterprise policies.

The FPCSecurityRole object representing the administrative role assigned to a specific Windows user or group of users is referenced through the FPCRef object held in the Role property of the applicable FPCDelegatedAdmin object.

This object is an element of an FPCSecurityRoles collection.

Click here to see the Forefront TMG object hierarchy.


This object inherits from the FPCPersist object, which contains methods and properties related to the persistent storage of an object's data. They include methods for exporting the object's data to and importing it from an XML document.


The FPCSecurityRole object does not define any methods.


The FPCSecurityRole object defines the following properties.

Property Description


Gets the definition of the rights included in the administrative role in XML format.


Gets the description of the administrative role.


Gets the name of the administrative role.


Gets a Boolean value that indicates whether the administrative role is predefined.

Methods Inherited from FPCPersist

Name Description
CancelWaitForChanges Cancels the registration established by the WaitForChanges method (for use in C and C++ programming only).
CanImport Returns a Boolean value that indicates whether the object's properties can be imported from the specified XML document.
Export Writes the stored values of all of the object's properties to the specified XML document.
ExportToFile Writes the stored values of all of the object's properties to the specified XML file.
GetServiceRestartMask Retrieves a 32-bit bitmask of the FpcServices enumerated type that specifies which services need to be restarted for currently unsaved changes to take effect.
Import Copies the values of all of the object's properties from the specified XML document to persistent storage.
ImportFromFile Copies the values of all of the object's properties from the specified XML file to persistent storage.
LoadDocProperties Provides the XML document's properties so that you can know what information can be imported from the document.
Refresh Reads the values of all of the object's properties from persistent storage, overwriting any changes that have not been saved.
Save Writes the current values of all of the object's properties to persistent storage.
WaitForChanges Registers to wait for an event indicating that the contents of the object have changed (for use in C and C++ programming only).

Properties Inherited from FPCPersist

Name Description
PersistentName Gets the persistent name of the object. The persistent name of an object is a name that is unique for the object at the respective level of the COM object hierarchy.
VendorParameterSets Gets an FPCVendorParametersSets object that can hold sets of custom data for extending the object.

Interfaces for C++ Programming

This object implements the IFPCSecurityRole interface.


Client Requires Windows Vista or Windows XP.
Server Requires Windows Server 2008.
Version Requires Forefront Threat Management Gateway (TMG).

Declared in Msfpccom.idl.

See Also

COM Objects

Send comments about this topic to Microsoft

Build date: 11/30/2009

© 2008 Microsoft Corporation. All rights reserved.