The following structures are used with access control.
| Structure | Description |
|---|
| ACCESS_ALLOWED_ACE | Defines an access control entry (ACE) for the discretionary access control list (DACL) that controls access to an object. An access-allowed ACE allows access to an object for a specific trustee identified by a security identifier (SID). |
| ACCESS_ALLOWED_CALLBACK_ACE | Defines an ACE for the DACL that controls access to an object. An access-allowed ACE allows access to an object for a specific trustee identified by a SID. This ACE allows a callback function to be called during access check. |
| ACCESS_ALLOWED_CALLBACK_OBJECT_ACE | Defines an ACE that controls allowed access to an object, property set, or property. This ACE allows a callback function to be called during access check. |
| ACCESS_ALLOWED_OBJECT_ACE | Defines an ACE that controls allowed access to an object, a property set, or property. |
| ACCESS_DENIED_ACE | Defines an ACE for the DACL that controls access to an object. An access-denied ACE denies access to an object for a specific trustee identified by a SID. |
| ACCESS_DENIED_CALLBACK_ACE | Defines an ACE for the DACL that controls access to an object. An access-denied ACE denies access to an object for a specific trustee identified by a SID. This ACE allows a callback function to be called during access check. |
| ACCESS_DENIED_CALLBACK_OBJECT_ACE | Defines an ACE that controls denied access to an object, a property set, or property. This ACE allows a callback function to be called during access check. |
| ACCESS_DENIED_OBJECT_ACE | Defines an ACE that controls denied access to an object, a property set, or property. |
| ACE | Lists the currently defined ACE types. |
| ACE_HEADER | Defines the type and size of an ACE. |
| ACL | Header of an access control list (ACL). |
| ACL_REVISION_INFORMATION | Contains revision information about an ACL structure. |
| ACL_SIZE_INFORMATION | Contains information about the size of an ACL structure. |
| EXPLICIT_ACCESS | Defines access control information for a specified trustee. |
| LUID | 64-bit value guaranteed to be unique only on the system on which it was generated. |
| LUID_AND_ATTRIBUTES | Represents a locally unique identifier (LUID) and its attributes. |
| OBJECTS_AND_NAME | Contains a string that identifies a trustee by name and additional strings that identify the object types of an object-specific ACE. |
| OBJECTS_AND_SID | Contains a SID that identifies a trustee and GUIDs that identify the object types of an object-specific ACE. |
| SECURITY_ATTRIBUTES | Contains the security descriptor for an object and specifies whether the handle retrieved by specifying this structure is inheritable. |
| SECURITY_DESCRIPTOR | Contains the security information associated with an object. |
| SID | Used to uniquely identify users or groups. |
| SID_AND_ATTRIBUTES | Represents a SID and its attributes. |
| SID_IDENTIFIER_AUTHORITY | Represents the top-level authority of a SID. |
| SYSTEM_ALARM_ACE | This structure is reserved for future use. |
| SYSTEM_ALARM_CALLBACK_ACE | This structure is reserved for future use. |
| SYSTEM_ALARM_CALLBACK_OBJECT_ACE | This structure is reserved for future use. |
| SYSTEM_ALARM_OBJECT_ACE | This structure is reserved for future use. |
| SYSTEM_AUDIT_ACE | Defines an ACE for the system access control list (SACL) that specifies what types of access cause system-level notifications. |
| SYSTEM_AUDIT_CALLBACK_ACE | Defines an ACE for the SACL that specifies what types of access cause system-level notifications. This ACE allows a callback function to be called during access check. |
| SYSTEM_AUDIT_CALLBACK_OBJECT_ACE | Defines an ACE for a SACL. This ACE allows a callback function to be called during access check. |
| SYSTEM_AUDIT_OBJECT_ACE | Defines an ACE for a SACL. |
| SYSTEM_MANDATORY_LABEL_ACE | Defines an access control entry (ACE) for the system access control list (SACL) that specifies the mandatory access level and policy for a securable object. |
| TOKEN_CONTROL | Contains information that identifies an access token. |
| TOKEN_DEFAULT_DACL | Specifies a DACL. |
| TOKEN_GROUPS | Contains information about the group SIDs in an access token. |
| TOKEN_GROUPS_AND_PRIVILEGES | Contains information about the group SIDs and privileges in an access token. |
| TOKEN_ORIGIN | Contains information about the origin of the logon session. |
| TOKEN_OWNER | Contains the default owner SID that will be applied to newly created objects. |
| TOKEN_PRIMARY_GROUP | Specifies a group SID for an access token. |
| TOKEN_PRIVILEGES | Contains information about a set of privileges for an access token. |
| TOKEN_SOURCE | Identifies the source of an access token. |
| TOKEN_STATISTICS | Contains information about an access token. |
| TOKEN_USER | Identifies the user associated with an access token. |
| TRUSTEE | Identifies the user account, group account, or logon session to which an ACE applies. |
The following structures are used with the access control editor.
The following structures implement client/server access control functionality.