Export (0) Print
Expand All

ACE

An ACE is an access-control entry (ACE) in an access-control list (ACL).

Following are the currently defined ACE types.

AttributeDescription

ACCESS_ALLOWED_ACE

Grants specified rights to a user or group. This ACE is stored in a discretionary ACL (DACL).

ACCESS_DENIED_ACE

Denies specified rights to a user or group. This ACE is stored in a DACL.

SYSTEM_AUDIT_ACE

Specifies what types of access will cause system-level audits. This ACE is stored in a system ACL (SACL).

 

A fourth ACE structure, SYSTEM_ALARM_ACE, is not currently supported.

Remarks

An ACL contains a list of ACEs. An ACE defines access to an object for a specific user or group or defines the types of access that generate system-administration messages or alarms for a specific user or group. The user or group is identified by a security identifier (SID).

Each ACE starts with an ACE_HEADER structure. The format of the data following the header varies according to the ACE type specified in the header.

This structure must be aligned on a 32-bit boundary.

Requirements

Header

Ntifs.h (include Ntifs.h)

See also

ACCESS_ALLOWED_ACE
ACCESS_DENIED_ACE
ACE_HEADER
ACL
RtlAddAccessAllowedAce
RtlGetAce
SID
SYSTEM_ALARM_ACE
SYSTEM_AUDIT_ACE

 

 

Send comments about this topic to Microsoft

Show:
© 2014 Microsoft