Expand Minimize

RtlAddAccessAllowedAce routine

The RtlAddAccessAllowedAce routine adds an access-allowed access control entry (ACE) to an access control list (ACL). The access is granted to the specified security identifier (SID).

Syntax


NTSTATUS RtlAddAccessAllowedAce(
  _Inout_  PACL Acl,
  _In_     ULONG AceRevision,
  _In_     ACCESS_MASK AccessMask,
  _In_     PSID Sid
);

Parameters

Acl [in, out]

Pointer to a caller-allocated buffer containing the ACL to be modified. RtlAddAccessAllowedAce adds an access-allowed ACE to the end of this ACL. The ACE is in the form of an ACCESS_ALLOWED_ACE structure.

AceRevision [in]

ACL revision level of the ACE to be added. Windows version requirments are the following:

ValueMeaning
ACL_REVISION

The revision level valid on all Windows versions.

ACL_REVISION_DS

The revision level valid starting with Windows 2000.

Note  AceRevision must be ACL_REVISION_DS if the ACL in Acl contains an object-specific ACE.

 

AccessMask [in]

Bitmask of one or more ACCESS_MASK flags specifying the access rights to be granted to the specified SID. For more information, see the description of the DesiredAccess parameter of ZwCreateFile.

Sid [in]

Pointer to the SID structure representing a user, group, or logon account that is being granted access.

Return value

RtlAddAccessAllowedAce can return one of the following values:

Return codeDescription
STATUS_SUCCESS

The ACE was successfully added.

STATUS_ALLOTTED_SPACE_EXCEEDED

A new ACE does not fit into the ACL. A larger ACL buffer is required. See RtlCreateAcl for information about calculating the size of an ACL.

STATUS_INVALID_ACL

The specified ACL is not properly formed.

STATUS_INVALID_SID

The specified SID structure is not structurally valid.

STATUS_REVISION_MISMATCH

The specified revision is not known or is not compatible with that of the ACL.

 

Remarks

For more information about security and access control, see the documentation on these topics in the Microsoft Windows Software Development Kit (SDK) for Windows 7 and .NET Framework 4.0.

Requirements

Header

Ntifs.h (include Ntifs.h)

Library

Ntoskrnl.lib

IRQL

< DISPATCH_LEVEL

See also

ACCESS_ALLOWED_ACE
ACCESS_MASK
ACE
ACL
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlCreateSecurityDescriptorRelative
RtlLengthSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlValidSecurityDescriptor
SeAssignSecurity
SID
ZwCreateFile

 

 

Send comments about this topic to Microsoft

Show:
© 2014 Microsoft