2.4.4.4 ACCESS_DENIED_ACE
The ACCESS_DENIED_ACE structure defines an ACE for the DACL that controls access to an object. An access-denied ACE denies access to an object for a specific trustee identified by a SID.
|
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
1 0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
2 0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
3 0 |
1 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Header |
|||||||||||||||||||||||||||||||
|
Mask |
|||||||||||||||||||||||||||||||
|
Sid (variable) |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
-
Header (4 bytes): An ACE_HEADER structure that specifies the size and type of ACE. It also contains flags that control inheritance of the ACE by child objects.
-
Mask (4 bytes): An ACCESS_MASK that specifies the user rights denied by this ACE.
-
Sid (variable): The SID of a trustee. The length of the SID MUST be a multiple of 4.
