This article was previously published under Q252711
When you attempt to invoke the methods of a secure Microsoft Transaction Server (MTS) object from a Visual Basic application, the following error message appears:
Runtime error '70': Permission denied
This error occurs under the following circumstances:
The Enable Authorization Checking option has been turned on for the component in MTS.
The Microsoft Windows NT user account that launches the object from the Visual Basic application has not been assigned to any of the Roles authorized to invoke methods on the MTS Component.
To resolve this problem, use one of the following methods:
Turn off the Enable Authorization Checking option for the component. This can be done in the MTS Explorer by opening the Properties window for the component and deselecting the Enable Authorization Checking option in the Security tab. This is not a viable option in a production environment, or when testing the security defined for the MTS component.
Assign the Windows NT User ID that is being used to launch the MTS object from the Visual Basic application to one of the Roles authorized to invoke the methods of the MTS object.
This behavior is by design.
In MTS, Roles can be assigned to:
A component registered in an MTS Package,-and-
Individual COM interfaces that the component implements.
The Roles assigned to an MTS component are defined in the MTS Package in which the component is registered. Valid NT User and group accounts are assigned to the Roles defined in the MTS Package.
The following sections document the steps required to perform common tasks related to defining Roles for an MTS package, and assigning them to components and their interfaces.
Steps to Define a New Role in an MTS Package
Launch the MTS Explorer.
Expand the Package for which you wish to create a new Role.
Right-click on the Roles folder of the package, select New, and then select Role.
In the New Role dialog box, specify a name for the role that you are creating, and then click OK to create the Role.
Steps to Assign Windows NT User/Group Accounts to a Role
In MTS Explorer, expand the Role to which you wish to add the NT user/group accounts.
Right-click on the Users folder of the Role, select New, and then select User.
In the Add user and groups to a Role dialog box, click to select and then add the Windows NT user and group accounts that you wish to assign to the Role.
Steps to Assign a Role to an MTS Component
Launch MTS Explorer.
Select and expand the component to which you wish to assign a Role.
Right-click on the Role Membership folder of the component, click New, and then select Role. A Select Roles dialog box that lists the various roles defined for the package in which the component is registered is displayed
Select the Role that you wish to assign to the component and then click OK.
Steps to Assign a Role to an Interface Implemented by an MTS Component
Launch MTS Explorer.
Select and expand the component to whose interface you wish to assign a Role.
Expand the interfaces folder of the component.
Expand the interface to which you wish to assign a Role.
Right-click on the Role Membership folder of the interface, click New, and then select Role. A Select Roles dialog box that lists the various roles defined for the package in which the component is registered is displayed.
Select the Role that you wish to assign to the interface, and then click OK.