MSDN Library

Windows Development

Security and Identity

Authorization

Authorization Reference

Authorization Functions

AccessCheck

AccessCheckAndAuditAlarm

AccessCheckByType

AccessCheckByTypeAndAuditAlarm

AccessCheckByTypeResultList

AccessCheckByTypeResultListAndAuditAlarm

AccessCheckByTypeResultListAndAuditAlarmByHandle

AddAccessAllowedAce

AddAccessAllowedAceEx

AddAccessAllowedObjectAce

AddAccessDeniedAce

AddAccessDeniedAceEx

AddAccessDeniedObjectAce

AddAce

AddAuditAccessAce

AddAuditAccessAceEx

AddAuditAccessObjectAce

AddConditionalAce

AddMandatoryAce

AddResourceAttributeAce

AddScopedPolicyIDAce

AdjustTokenGroups

AdjustTokenPrivileges

AllocateAndInitializeSid

AllocateLocallyUniqueId

AreAllAccessesGranted

AreAnyAccessesGranted

AuditComputeEffectivePolicyBySid

AuditComputeEffectivePolicyByToken

AuditEnumerateCategories

AuditEnumeratePerUserPolicy

AuditEnumerateSubCategories

AuditFree

AuditLookupCategoryGuidFromCategoryId

AuditLookupCategoryIdFromCategoryGuid

AuditLookupCategoryName

AuditLookupSubCategoryName

AuditQueryPerUserPolicy

AuditQuerySecurity

AuditQuerySystemPolicy

AuditSetPerUserPolicy

AuditSetSecurity

AuditSetSystemPolicy

AuthzAccessCheck

AuthzAccessCheckCallback

AuthzAddSidsToContext

AuthzCachedAccessCheck

AuthzComputeGroupsCallback

AuthzEnumerateSecurityEventSources

AuthzFreeAuditEvent

AuthzFreeCentralAccessPolicyCache

AuthzFreeContext

AuthzFreeGroupsCallback

AuthzFreeHandle

AuthzFreeResourceManager

AuthzGetInformationFromContext

AuthzInitializeCompoundContext

AuthzInitializeContextFromAuthzContext

AuthzInitializeContextFromSid

AuthzInitializeContextFromToken

AuthzInitializeObjectAccessAuditEvent

AuthzInitializeObjectAccessAuditEvent2

AuthzInitializeRemoteResourceManager

AuthzInitializeResourceManager

AuthzInitializeResourceManagerEx

AuthzInstallSecurityEventSource

AuthzModifyClaims

AuthzModifySecurityAttributes

AuthzModifySids

AuthzOpenObjectAudit

AuthzRegisterCapChangeNotification

AuthzRegisterSecurityEventSource

AuthzReportSecurityEvent

AuthzReportSecurityEventFromParams

AuthzSetAppContainerInformation

AuthzUninstallSecurityEventSource

AuthzUnregisterCapChangeNotification

AuthzUnregisterSecurityEventSource

BuildExplicitAccessWithName

BuildImpersonateExplicitAccessWithName

BuildImpersonateTrustee

BuildSecurityDescriptor

BuildTrusteeWithName

BuildTrusteeWithObjectsAndName

BuildTrusteeWithObjectsAndSid

BuildTrusteeWithSid

CheckTokenCapability

CheckTokenMembership

CheckTokenMembershipEx

ConvertSecurityDescriptorToStringSecurityDescriptor

ConvertSidToStringSid

ConvertStringSecurityDescriptorToSecurityDescriptor

ConvertStringSidToSid

ConvertToAutoInheritPrivateObjectSecurity

CopySid

CreatePrivateObjectSecurity

CreatePrivateObjectSecurityEx

CreatePrivateObjectSecurityWithMultipleInheritance

CreateRestrictedToken

CreateSecurityPage

CreateWellKnownSid

DeleteAce

DestroyPrivateObjectSecurity

DSCreateSecurityPage

DSCreateISecurityInfoObject

DSCreateISecurityInfoObjectEx

DSEditSecurity

DuplicateToken

DuplicateTokenEx

EditSecurity

EditSecurityAdvanced

EqualDomainSid

EqualPrefixSid

EqualSid

FindFirstFreeAce

FreeInheritedFromArray

FreeSid

GetAce

GetAclInformation

GetAppContainerNamedObjectPath

GetAuditedPermissionsFromAcl

GetEffectiveRightsFromAcl

GetExplicitEntriesFromAcl

GetFileSecurity

GetInheritanceSource

GetKernelObjectSecurity

GetLengthSid

GetMultipleTrustee

GetMultipleTrusteeOperation

GetNamedSecurityInfo

GetPrivateObjectSecurity

GetSecurityDescriptorControl

GetSecurityDescriptorDacl

GetSecurityDescriptorGroup

GetSecurityDescriptorLength

GetSecurityDescriptorOwner

GetSecurityDescriptorRMControl

GetSecurityDescriptorSacl

GetSecurityInfo

GetSidIdentifierAuthority

GetSidLengthRequired

GetSidSubAuthority

GetSidSubAuthorityCount

GetTokenInformation

GetTrusteeForm

GetTrusteeName

GetTrusteeType

GetUserObjectSecurity

GetWindowsAccountDomainSid

ImpersonateAnonymousToken

ImpersonateLoggedOnUser

ImpersonateNamedPipeClient

ImpersonateSelf

InitializeAcl

InitializeSecurityDescriptor

InitializeSid

IsTokenRestricted

IsValidAcl

IsValidSecurityDescriptor

IsValidSid

IsWellKnownSid

LookupAccountName

LookupAccountSid

LookupPrivilegeDisplayName

LookupPrivilegeName

LookupPrivilegeValue

LookupSecurityDescriptorParts

MakeAbsoluteSD

MakeSelfRelativeSD

MapGenericMask

NtCompareTokens

ObjectCloseAuditAlarm

ObjectDeleteAuditAlarm

ObjectOpenAuditAlarm

ObjectPrivilegeAuditAlarm

OpenProcessToken

OpenThreadToken

PrivilegeCheck

PrivilegedServiceAuditAlarm

QuerySecurityAccessMask

QueryServiceObjectSecurity

RegGetKeySecurity

RegSetKeySecurity

RevertToSelf

RtlConvertSidToUnicodeString

RtlSetSaclSecurityDescriptor

SetAclInformation

SetEntriesInAcl

SetFileSecurity

SetKernelObjectSecurity

SetNamedSecurityInfo

SetPrivateObjectSecurity

SetPrivateObjectSecurityEx

SetSecurityAccessMask

SetSecurityDescriptorControl

SetSecurityDescriptorDacl

SetSecurityDescriptorGroup

SetSecurityDescriptorOwner

SetSecurityDescriptorRMControl

SetSecurityDescriptorSacl

SetSecurityInfo

SetServiceObjectSecurity

SetThreadToken

SetTokenInformation

SetUserObjectSecurity

TreeResetNamedSecurityInfo

TreeSetNamedSecurityInfo

Community Content

Add code samples and tips to enhance this topic.

More...

0 out of 1 rated this helpful - Rate this topic

GetExplicitEntriesFromAcl function

Applies to: desktop apps only

The GetExplicitEntriesFromAcl function retrieves an array of structures that describe the access control entries (ACEs) in an access control list (ACL).

Syntax

Copy

DWORD WINAPI GetExplicitEntriesFromAcl(
  __in   PACL pacl,
  __out  PULONG pcCountOfExplicitEntries,
  __out  PEXPLICIT_ACCESS *pListOfExplicitEntries
);

Parameters

pacl [in]: A pointer to an ACL structure from which to get ACE information.
pcCountOfExplicitEntries [out]: A pointer to a variable that receives the number of EXPLICIT_ACCESS structures returned in the pListOfExplicitEntries array.
pListOfExplicitEntries [out]: A pointer to a variable that receives a pointer to an array of EXPLICIT_ACCESS structures that describe the ACEs in the ACL. If the function succeeds, you must call the LocalFree function to free the returned buffer.

Return value

If the function succeeds, the function returns ERROR_SUCCESS.

If the function fails, it returns a nonzero error code defined in WinError.h.

Remarks

Each entry in the array of EXPLICIT_ACCESS structures describes access control information from an ACE for a trustee. A trustee can be a user, group, or program (such as a Windows service).

Each EXPLICIT_ACCESS structure specifies a set of access rights and an access mode flag that indicates whether the ACE allows, denies, or audits the specified rights.

For a discretionary access control list (DACL), the access mode flag can be either GRANT_ACCESS or DENY_ACCESS. For information about these values, see ACCESS_MODE.

For a system access control list (SACL), the access mode flag can be SET_AUDIT_ACCESS, SET_AUDIT_FAILURE, or both. For information about these values, see ACCESS_MODE.

Requirements

Minimum supported client	Windows XP
Minimum supported server	Windows Server 2003
Header	Aclapi.h
Library	Advapi32.lib
DLL	Advapi32.dll
Unicode and ANSI names	GetExplicitEntriesFromAclW (Unicode) and GetExplicitEntriesFromAclA (ANSI)

See also

Access Control
Basic Access Control Functions
ACCESS_ALLOWED_ACE
ACCESS_DENIED_ACE
ACCESS_MODE
ACE
ACL
EXPLICIT_ACCESS
LocalFree
SYSTEM_AUDIT_ACE

Send comments about this topic to Microsoft

Build date: 3/7/2012

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)

Community Content Add

Annotations

FAQ

© 2012 Microsoft. All rights reserved.

Terms of Use | Trademarks | Privacy Statement | Site Feedback Site Feedback

Site Feedback

x

Tell us about your experience...

Did the page load quickly?

Yes No

Do you like the page design?

Yes No

Tell us more