CSacl Class

This class is a wrapper for a SACL (system access-control list) structure.

Important note Important

This class and its members cannot be used in applications that execute in the Windows Runtime.

class CSacl : public CAcl




The constructor.


The destructor.




Adds an audit access-control entry (ACE) to the CSacl object.


Returns the number of access-control entries (ACEs) in the CSacl object.


Removes a specific ACE (access-control entry) from the CSacl object.


Removes all of the ACEs contained in the CSacl object.



CSacl::operator =

Assignment operator.

A SACL contains access-control entries (ACEs) that specify the types of access attempts that generate audit records in the security event log of a domain controller. Note that a SACL generates log entries only on the domain controller where the access attempt occurred, not on every domain controller that contains a replica of the object.

To set or retrieve the SACL in an object's security descriptor, the SE_SECURITY_NAME privilege must be enabled in the access token of the requesting thread. The administrators group has this privilege granted by default, and it can be granted to other users or groups. Having the privilege granted is not all that is required: before the operation defined by the privilege can be performed, the privilege must be enabled in the security access token in order to take effect. The model allows privileges to be enabled only for specific system operations, and then disabled when they are no longer needed. See AtlGetSacl and AtlSetSacl for examples of enabling SE_SECURITY_NAME.

Use the class methods provided to add, remove, create, and delete ACEs from the SACL object. See also AtlGetSacl and AtlSetSacl.

For an introduction to the access control model in Windows, see Access Control in the Windows SDK.

Header: atlsecurity.h