Expand Minimize

RtlAddAce routine

The RtlAddAce routine adds one or more access control entries (ACEs) to a specified access control list (ACL).

Syntax


NTSTATUS RtlAddAce(
  _Inout_ PACL  Acl,
  _In_    ULONG AceRevision,
  _In_    ULONG StartingAceIndex,
  _In_    PVOID AceList,
  _In_    ULONG AceListLength
);

Parameters

Acl [in, out]

Pointer to the ACL to be modified. RtlAddAce adds the specified ACEs to this ACL.

AceRevision [in]

ACL revision level of the ACE to be added. Windows version requirments are the following:

ValueMeaning
ACL_REVISION

The revision level valid on all Windows versions.

ACL_REVISION_DS

The revision level valid starting with Windows 2000.

Note  AceRevision must be ACL_REVISION_DS if the ACL in Acl contains an object-specific ACE.

 

StartingAceIndex [in]

Specifies the position in the ACL's list of ACEs at which to add new ACEs. A value of zero inserts the ACEs at the beginning of the list. A value of MAXULONG appends the ACEs to the end of the list.

AceList [in]

Pointer to a buffer containing a list of one or more ACEs to be added to the specified ACL. The ACEs in the list must be stored contiguously.

AceListLength [in]

Size, in bytes, of the input buffer pointed to by the AceList parameter.

Return value

RtlAddAce returns STATUS_SUCCESS or an appropriate NTSTATUS value such as one of the following:

Return codeDescription
STATUS_BUFFER_TOO_SMALL

The new ACEs do not fit into the ACL. A larger ACL buffer is required. STATUS_BUFFER_TOO_SMALL is an error code.

STATUS_INVALID_PARAMETER

One of the parameter values was invalid. Possible reasons include:

  • The specified ACL is invalid.

  • The specified revision is unknown, is not compatible with revisions in the ACE list, or is not compatible with the revision of the ACL.

STATUS_INVALID_PARAMETER is an error code.

 

Remarks

For information about calculating the size of an ACL, see the Remarks section of the reference entry for RtlCreateAcl.

To obtain a pointer to an ACE in an ACL, use RtlGetAce.

To delete an ACE from an ACL, use RtlDeleteAce.

To add an access-allowed ACE to an ACL, use RtlAddAccessAllowedAce.

For more information about security and access control, see the Microsoft Windows Software Development Kit (SDK) for Windows 7 and .NET Framework 4.0 documentation.

Requirements

Target platform

Universal

Version

This routine is available starting with Windows Server 2003 with SP1.

Header

Ntifs.h (include Ntifs.h)

Library

NtosKrnl.lib

DLL

NtosKrnl.exe

IRQL

<= APC_LEVEL

See also

ACE
ACL
RtlAddAccessAllowedAce
RtlCreateAcl
RtlDeleteAce
RtlGetAce

 

 

Send comments about this topic to Microsoft

Show:
© 2015 Microsoft