Windows Driver Kit: Installable File System Drivers
RtlAddAccessAllowedAce
The RtlAddAccessAllowedAce routine adds an access-allowed access control entry (ACE) to an access control list (ACL). The access is granted to the specified security identifier (SID).
NTSTATUS
  RtlAddAccessAllowedAce(
    IN OUT PACL  Acl,
    IN ULONG  AceRevision,
    IN ACCESS_MASK  AccessMask,
    IN PSID  Sid
    );
Parameters
- Acl
- Pointer to a caller-allocated buffer containing the ACL to be modified. RtlAddAccessAllowedAce adds an access-allowed ACE to the end of this ACL. The ACE is in the form of an ACCESS_ALLOWED_ACE structure.
- AceRevision
- ACL revision level of the ACE to be added.
Microsoft Windows NT 4.0 and earlier: This value must be ACL_REVISION.
Microsoft Windows 2000 and later: This value can be ACL_REVISION or ACL_REVISION_DS. It must be ACL_REVISION_DS if the ACL contains an object-specific ACE.
- AccessMask
- Bitmask of one or more ACCESS_MASK flags specifying the access rights to be granted to the specified SID. For more information, see the description of the DesiredAccess parameter of ZwCreateFile.
- Sid
- Pointer to the SID structure representing a user, group, or logon account that is being granted access.
Return Value
RtlAddAccessAllowedAce can return one of the following values:
- STATUS_SUCCESS
- The ACE was successfully added.
- STATUS_ALLOTTED_SPACE_EXCEEDED
- A new ACE does not fit into the ACL. A larger ACL buffer is required. See RtlCreateAcl for information about calculating the size of an ACL.
- STATUS_INVALID_ACL
- The specified ACL is not properly formed.
- STATUS_INVALID_SID
- The specified SID structure is not structurally valid.
- STATUS_REVISION_MISMATCH
- The specified revision is not known or is not compatible with that of the ACL.
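The sizing rule behind STATUS_ALLOTTED_SPACE_EXCEEDED, as an added example that is not part of the WDK documentation: a portable user-mode C model of the ACL and ACE byte layout, not the kernel implementation, and without the SID, ACL and revision validation the real routine performs. The names acl_size_for, model_create_acl and model_add_allowed_ace, the M_ constants and the sample SIDs are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ACL_HDR 8u  /* sizeof(ACL): AclRevision, Sbz1, AclSize, AceCount, Sbz2 */
#define ACE_FIX 8u  /* ACE_HEADER (4) + ACCESS_MASK (4); the SID follows */
#define M_SUCCESS                 0x00000000u  /* STATUS_SUCCESS */
#define M_ALLOTTED_SPACE_EXCEEDED 0xC0000099u  /* STATUS_ALLOTTED_SPACE_EXCEEDED */

static uint16_t rd16(const uint8_t *p) { uint16_t v; memcpy(&v, p, 2); return v; }
static void wr16(uint8_t *p, uint16_t v) { memcpy(p, &v, 2); }

/* SID length: 8 fixed bytes + 4 per sub-authority (the count is byte 1). */
uint32_t sid_len(const uint8_t *sid) { return 8u + 4u * sid[1]; }

/* Buffer size for an ACL holding one access-allowed ACE per listed SID. */
uint32_t acl_size_for(const uint8_t *const *sids, size_t n) {
    uint32_t total = ACL_HDR;
    for (size_t i = 0; i < n; i++) total += ACE_FIX + sid_len(sids[i]);
    return total;
}

/* Write an empty ACL header into buf; buf must hold at least size bytes. */
void model_create_acl(uint8_t *buf, uint16_t size) {
    memset(buf, 0, size);
    buf[0] = 2;            /* AclRevision = ACL_REVISION */
    wr16(buf + 2, size);   /* AclSize: total bytes available to this ACL */
}

/* Model of appending an access-allowed ACE to the end of the ACL. */
uint32_t model_add_allowed_ace(uint8_t *acl, uint32_t mask, const uint8_t *sid) {
    uint32_t used = ACL_HDR, need = ACE_FIX + sid_len(sid);
    for (uint16_t i = 0; i < rd16(acl + 4); i++)   /* walk the existing ACEs */
        used += rd16(acl + used + 2);              /* each ACE's AceSize */
    if (used + need > (uint32_t)rd16(acl + 2))     /* compare against AclSize */
        return M_ALLOTTED_SPACE_EXCEEDED;
    uint8_t *ace = acl + used;
    ace[0] = 0; ace[1] = 0;                        /* ACCESS_ALLOWED_ACE_TYPE, no flags */
    wr16(ace + 2, (uint16_t)need);                 /* AceSize */
    memcpy(ace + 4, &mask, 4);                     /* Mask */
    memcpy(ace + 8, sid, sid_len(sid));            /* SID starts at SidStart */
    wr16(acl + 4, (uint16_t)(rd16(acl + 4) + 1));  /* AceCount */
    return M_SUCCESS;
}

/* Constructed sample SIDs: S-1-1-0 (Everyone) and S-1-5-32-544 (Administrators). */
const uint8_t SID_WORLD[12]  = {1, 1, 0,0,0,0,0,1, 0,0,0,0};
const uint8_t SID_ADMINS[16] = {1, 2, 0,0,0,0,0,5, 32,0,0,0, 0x20,0x02,0,0};
```

A buffer sized for two ACEs accepts exactly two; a third append reports the allotted-space status, which is the cue to allocate a larger ACL and rebuild it.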
Comments
For more information about security and access control, see the documentation on these topics in the Microsoft Windows SDK.
Requirements
IRQL: < DISPATCH_LEVEL
Headers: Declared in Ntifs.h. Include Ntifs.h.
See Also
ACCESS_ALLOWED_ACE, ACCESS_MASK, ACE, ACL, RtlCreateAcl, RtlCreateSecurityDescriptor, RtlCreateSecurityDescriptorRelative, RtlLengthSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlValidSecurityDescriptor, SeAssignSecurity, SID, ZwCreateFile