RtlAddAce routine

The RtlAddAce routine adds one or more access control entries (ACEs) to a specified access control list (ACL).

Syntax


NTSTATUS RtlAddAce(
  _Inout_ PACL  Acl,
  _In_    ULONG AceRevision,
  _In_    ULONG StartingAceIndex,
  _In_    PVOID AceList,
  _In_    ULONG AceListLength
);

Parameters

Acl [in, out]

Pointer to the ACL to be modified. RtlAddAce adds the specified ACEs to this ACL.

AceRevision [in]

ACL revision level of the ACE to be added. Windows version requirments are the following:

ValueMeaning
ACL_REVISION

The revision level valid on all Windows versions.

ACL_REVISION_DS

The revision level valid starting with Windows 2000.

Note  AceRevision must be ACL_REVISION_DS if the ACL in Acl contains an object-specific ACE.
 

 

StartingAceIndex [in]

Specifies the position in the ACL's list of ACEs at which to add new ACEs. A value of zero inserts the ACEs at the beginning of the list. A value of MAXULONG appends the ACEs to the end of the list.

AceList [in]

Pointer to a buffer containing a list of one or more ACEs to be added to the specified ACL. The ACEs in the list must be stored contiguously.

AceListLength [in]

Size, in bytes, of the input buffer pointed to by the AceList parameter.

Return value

RtlAddAce returns STATUS_SUCCESS or an appropriate NTSTATUS value such as one of the following:

Return codeDescription
STATUS_BUFFER_TOO_SMALL

The new ACEs do not fit into the ACL. A larger ACL buffer is required. STATUS_BUFFER_TOO_SMALL is an error code.

STATUS_INVALID_PARAMETER

One of the parameter values was invalid. Possible reasons include:

  • The specified ACL is invalid.

  • The specified revision is unknown, is not compatible with revisions in the ACE list, or is not compatible with the revision of the ACL.

STATUS_INVALID_PARAMETER is an error code.

 

Remarks

For information about calculating the size of an ACL, see the Remarks section of the reference entry for RtlCreateAcl.

To obtain a pointer to an ACE in an ACL, use RtlGetAce.

To delete an ACE from an ACL, use RtlDeleteAce.

To add an access-allowed ACE to an ACL, use RtlAddAccessAllowedAce.

For more information about security and access control, see the Microsoft Windows Software Development Kit (SDK) for Windows 7 and .NET Framework 4.0 documentation.

Requirements

Target platform

Universal

Version

This routine is available starting with Windows Server 2003 with SP1.

Header

Ntifs.h (include Ntifs.h)

Library

NtosKrnl.lib

DLL

NtosKrnl.exe (kernel mode);
Ntdll.dll (user mode)

IRQL

<= APC_LEVEL

See also

ACE
ACL
RtlAddAccessAllowedAce
RtlCreateAcl
RtlDeleteAce
RtlGetAce

 

 

Send comments about this topic to Microsoft

Show: