ACE
An ACE is an access-control entry (ACE) in an access-control list (ACL).
Following are the currently defined ACE types.
| Attribute | Description |
|---|---|
|
ACCESS_ALLOWED_ACE |
Grants specified rights to a user or group. This ACE is stored in a discretionary ACL (DACL). |
|
ACCESS_DENIED_ACE |
Denies specified rights to a user or group. This ACE is stored in a DACL. |
|
SYSTEM_AUDIT_ACE |
Specifies what types of access will cause system-level audits. This ACE is stored in a system ACL (SACL). |
A fourth ACE structure, SYSTEM_ALARM_ACE, is not currently supported.
Remarks
An ACL contains a list of ACEs. An ACE defines access to an object for a specific user or group or defines the types of access that generate system-administration messages or alarms for a specific user or group. The user or group is identified by a security identifier (SID).
Each ACE starts with an ACE_HEADER structure. The format of the data following the header varies according to the ACE type specified in the header.
This structure must be aligned on a 32-bit boundary.
Requirements
|
Header |
|
|---|
See also
- ACCESS_ALLOWED_ACE
- ACCESS_DENIED_ACE
- ACE_HEADER
- ACL
- RtlAddAccessAllowedAce
- RtlGetAce
- SID
- SYSTEM_ALARM_ACE
- SYSTEM_AUDIT_ACE
Send comments about this topic to Microsoft
Build date: 11/21/2012
