AddConditionalAce function
The AddConditionalAce function adds a conditional access control entry (ACE) to the specified access control list (ACL). A conditional ACE specifies a logical condition that is evaluated during access checks.
Syntax
BOOL WINAPI AddConditionalAce(
  _Inout_ PACL   pAcl,
  _In_    DWORD  dwAceRevision,
  _In_    DWORD  AceFlags,
  _In_    UCHAR  AceType,
  _In_    DWORD  AccessMask,
  _In_    PSID   pSid,
  _In_    PWCHAR ConditionStr,
  _Out_   DWORD  *ReturnLength
);
Parameters
- pAcl [in, out]
A pointer to an ACL. This function adds an ACE to this ACL.
The value of this parameter cannot be NULL.
- dwAceRevision [in]
Specifies the revision level of the ACL being modified. This value can be ACL_REVISION or ACL_REVISION_DS. Use ACL_REVISION_DS if the ACL contains object-specific ACEs.
- AceFlags [in]
A set of bit flags that control ACE inheritance. The function sets these flags in the AceFlags member of the ACE_HEADER structure of the new ACE. This parameter can be a combination of the following values.
- AceType [in]
The type of the ACE.
This can be one of the following values.
| Value | Meaning |
|---|---|
| ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9) | Access-allowed callback ACE that uses the ACCESS_ALLOWED_CALLBACK_ACE structure. |
| ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA) | Access-denied callback ACE that uses the ACCESS_DENIED_CALLBACK_ACE structure. |
| SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD) | System audit callback ACE that uses the SYSTEM_AUDIT_CALLBACK_ACE structure. |
- AccessMask [in]
Specifies the mask of access rights to be granted to the specified SID.
- pSid [in]
A pointer to the SID that represents a user, group, or logon account being granted access.
- ConditionStr [in]
A string that specifies the conditional statement to be evaluated for the ACE.
- ReturnLength [out]
The size, in bytes, of the ACL. If the buffer specified by the pAcl parameter is not of sufficient size, the value of this parameter is the required size.
Return value
If the function succeeds, it returns TRUE.
If the function fails, it returns FALSE. For extended error information, call GetLastError. The following are possible error values.
| Return code | Description |
|---|---|
| | The new ACE does not fit into the pAcl buffer. |
Requirements
| Minimum supported client | Windows 7 [desktop apps only] |
|---|---|
| Minimum supported server | Windows Server 2008 R2 [desktop apps only] |
| Header | |
| Library | |
| DLL | |