Export (0) Print
Expand All
ACE
ACL
SID
Expand Minimize

EXPLICIT_ACCESS structure

The EXPLICIT_ACCESS structure defines access control information for a specified trustee. Access control functions, such as SetEntriesInAcl and GetExplicitEntriesFromAcl, use this structure to describe the information in an access control entry (ACE) of an access control list (ACL).

Syntax


typedef struct _EXPLICIT_ACCESS {
  DWORD       grfAccessPermissions;
  ACCESS_MODE grfAccessMode;
  DWORD       grfInheritance;
  TRUSTEE     Trustee;
} EXPLICIT_ACCESS, *PEXPLICIT_ACCESS;

Members

grfAccessPermissions

A set of bit flags that use the ACCESS_MASK format to specify the access rights that an ACE allows, denies, or audits for the trustee. The functions that use the EXPLICIT_ACCESS structure do not convert, interpret, or validate the bits in this mask.

grfAccessMode

A value from the ACCESS_MODE enumeration. For a discretionary access control list (DACL), this flag indicates whether the ACL allows or denies the specified access rights. For a system access control list (SACL), this flag indicates whether the ACL generates audit messages for successful attempts to use the specified access rights, or failed attempts, or both. When modifying an existing ACL, you can specify the REVOKE_ACCESS flag to remove any existing ACEs for the specified trustee.

grfInheritance

A set of bit flags that determines whether other containers or objects can inherit the ACE from the primary object to which the ACL is attached. The value of this member corresponds to the inheritance portion (low-order byte) of the AceFlags member of the ACE_HEADER structure. This parameter can be NO_INHERITANCE to indicate that the ACE is not inheritable; or it can be a combination of the following values.

ValueMeaning
CONTAINER_INHERIT_ACE

Other containers that are contained by the primary object inherit the ACE.

INHERIT_NO_PROPAGATE

Inherit but do not propagate.

INHERIT_ONLY

Inherit only.

INHERIT_ONLY_ACE

The ACE does not apply to the primary object to which the ACL is attached, but objects contained by the primary object inherit the ACE.

NO_INHERITANCE

Do not inherit.

NO_PROPAGATE_INHERIT_ACE

The OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags are not propagated to an inherited ACE.

OBJECT_INHERIT_ACE

Noncontainer objects contained by the primary object inherit the ACE.

SUB_CONTAINERS_AND_OBJECTS_INHERIT

Both containers and noncontainer objects that are contained by the primary object inherit the ACE. This flag corresponds to the combination of the CONTAINER_INHERIT_ACE and OBJECT_INHERIT_ACE flags.

SUB_CONTAINERS_ONLY_INHERIT

Other containers that are contained by the primary object inherit the ACE. This flag corresponds to the CONTAINER_INHERIT_ACE flag.

SUB_OBJECTS_ONLY_INHERIT

Noncontainer objects contained by the primary object inherit the ACE. This flag corresponds to the OBJECT_INHERIT_ACE flag.

 

Trustee

A TRUSTEE structure that identifies the user, group, or program (such as a Windows service) to which the ACE applies.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

AccCtrl.h

Unicode and ANSI names

EXPLICIT_ACCESS_W (Unicode) and EXPLICIT_ACCESS_A (ANSI)

See also

ACCESS_MASK
ACCESS_MODE
ACE
ACE_HEADER
ACL
BuildExplicitAccessWithName
BuildSecurityDescriptor
GetExplicitEntriesFromAcl
LookupSecurityDescriptorParts
SetEntriesInAcl
TRUSTEE

 

 

Community Additions

ADD
Show:
© 2014 Microsoft