Access control entry (ACE)
An ACE is an access control entry in an access-control list (ACL).
The following values are the currently defined ACE types.
| Value | Meaning |
|---|---|
| ACCESS_ALLOWED_ACE | Grants specified rights to a user or group. This ACE is stored in a discretionary ACL (DACL). |
| ACCESS_DENIED_ACE | Denies specified rights to a user or group. This ACE is stored in a DACL. |
| SYSTEM_AUDIT_ACE | Specifies what types of access cause system-level audits. This ACE is stored in a system ACL (SACL). |
A fourth ACE structure, SYSTEM_ALARM_ACE, isn't currently supported.
An ACL contains a list of zero or more ACEs. Each ACE controls or monitors access to an object by a specified trustee. Specifically, an ACE:
- Defines access to an object for a specific user or group, or
- Defines the types of access that generate system-administration messages or alarms for a specific user or group.
A security identifier (SID) identifies the user or group.
Each ACE starts with an ACE_HEADER structure. The format of the data following the header varies according to the ACE type specified in the header. This structure must be aligned on a 32-bit boundary.
Requirements: ntifs.h (include ntifs.h)
Related articles
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for