Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
Microsoft Developer Network
Click to Rate and Give Feedback
MSDN
MSDN Library
Security
Authorization
 ACCESS_ALLOWED_ACE Structure

  Switch on low bandwidth view
ACCESS_ALLOWED_ACE Structure

The ACCESS_ALLOWED_ACE structure defines an access control entry (ACE) for the discretionary access control list (DACL) that controls access to an object. An access-allowed ACE allows access to an object for a specific trustee identified by a security identifier (SID).

Syntax

C++
typedef struct _ACCESS_ALLOWED_ACE {
  ACE_HEADER  Header;
  ACCESS_MASK Mask;
  DWORD       SidStart;
}ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;

Members

Header

ACE_HEADER structure that specifies the size and type of ACE. It also contains flags that control inheritance of the ACE by child objects. The AceType member of the ACE_HEADER structure should be set to ACCESS_ALLOWED_ACE_TYPE, and the AceSize member should be set to the total number of bytes allocated for the ACCESS_ALLOWED_ACE structure.

Mask

Specifies an ACCESS_MASK structure that specifies the access rights granted by this ACE.

SidStart

The first DWORD of a trustee's SID. The remaining bytes of the SID are stored in contiguous memory after the SidStart member. This SID can be appended with application data.

Remarks

ACE structures must be aligned on DWORD boundaries. All Windows memory-management functions return DWORD-aligned handles to memory.

The access rights specified by the Mask member are granted to any trustee that possesses an enabled SID that matches the SID stored in the SidStart member.

An ACCESS_ALLOWED_ACE structure can be created in an access control list (ACL) by a call to the AddAccessAllowedAce or AddAccessAllowedAceEx function. When these functions are used, the correct amount of memory needed to accommodate the trustee's SID is allocated and the values of the Header.AceType and Header.AceSize members are set automatically. If the AddAccessAllowedAceEx function is used, the Header.AceFlags member is also set. When an ACCESS_ALLOWED_ACE structure is created outside an ACL, sufficient memory must be allocated to accommodate the complete SID of the trustee in the SidStart member and the contiguous memory following it, and the values of the Header.AceType, Header.AceFlags, and Header.AceSize members must be set explicitly by the application.

Requirements

Minimum supported clientWindows 2000 Professional
Minimum supported serverWindows 2000 Server
HeaderWinnt.h (include Windows.h)

See Also

ACE
ACL
AddAccessAllowedAce
AddAce
GetAce
SID

Send comments about this topic to Microsoft

Build date: 6/26/2009

Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
© 2009 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker