This class is a wrapper for a DACL (discretionary access-control list) structure.
This class and its members cannot be used in applications that execute in the Windows Runtime.
Adds an allowed ACE (access-control entry) to the CDacl object.
Adds a denied ACE to the CDacl object.
Returns the number of ACEs (access-control entries) in the CDacl object.
Removes a specific ACE (access-control entry) from the CDacl object.
Removes all of the ACEs contained in the CDacl object.
An object's security descriptor can contain a DACL. A DACL contains zero or more ACEs (access-control entries) that identify the users and groups who can access the object. If a DACL is empty (that is, it contains zero ACEs), no access is explicitly granted, so access is implicitly denied. However, if an object's security descriptor does not have a DACL, the object is unprotected and everyone has complete access.
To retrieve an object's DACL, you must be the object's owner or have READ_CONTROL access to the object. To change an object's DACL, you must have WRITE_DAC access to the object.
For an introduction to the access control model in Windows, see Access Control in the Windows SDK.