Edit

AddAuditAccessAce function (securitybaseapi.h)

  • Article

The AddAuditAccessAce function adds a system-audit access control entry (ACE) to a system access control list (ACL). The access of a specified security identifier (SID) is audited.

To control whether the new ACE can be inherited by child objects, use the AddAuditAccessAceEx function.

Syntax

BOOL AddAuditAccessAce(
  [in, out] PACL  pAcl,
  [in]      DWORD dwAceRevision,
  [in]      DWORD dwAccessMask,
  [in]      PSID  pSid,
  [in]      BOOL  bAuditSuccess,
  [in]      BOOL  bAuditFailure
);

Parameters

[in, out] pAcl

A pointer to an ACL. This function adds a system-audit ACE to this ACL. The ACE is in the form of a SYSTEM_AUDIT_ACE structure.

[in] dwAceRevision

Specifies the revision level of the ACL being modified.

This value can be ACL_REVISION or ACL_REVISION_DS. Use ACL_REVISION_DS if the ACL contains object-specific ACEs.

[in] dwAccessMask

Specifies the mask of access rights to be audited for the specified SID.

[in] pSid

A pointer to the SID representing the process whose access is being audited.

[in] bAuditSuccess

Specifies whether successful access attempts are to be audited. Set this flag to TRUE to enable auditing; otherwise, set it to FALSE.

[in] bAuditFailure

Specifies whether unsuccessful access attempts are to be audited. Set this flag to TRUE to enable auditing; otherwise, set it to FALSE.

Return value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError. The following are possible error values.

Return code Description
ERROR_ALLOTTED_SPACE_EXCEEDED
 The new ACE does not fit into the ACL. A larger ACL buffer is required.
ERROR_INVALID_ACL
 The specified ACL is not properly formed.
ERROR_INVALID_SID
 The specified SID is not structurally valid.
ERROR_REVISION_MISMATCH
 The specified revision is not known or is incompatible with that of the ACL.
ERROR_SUCCESS
 The ACE was successfully added.

Remarks

The ACE_HEADER structure placed in the ACE by the AddAuditAccessAce function specifies a type and size, but provides no ACE flags.

Requirements

Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header securitybaseapi.h (include Windows.h)
Library Advapi32.lib
DLL Advapi32.dll

See also

ACE_HEADER

AddAccessAllowedAce

AddAccessDeniedAce

AddAce

AddAuditAccessAceEx

DeleteAce

GetAce

Low-level Access Control

Low-level Access Control Functions

SYSTEM_AUDIT_ACE