This class is a wrapper for a SACL (system access-control list) structure.
This class and its members cannot be used in applications that execute in the Windows Runtime.
class CSacl : public CAcl
|CSacl::AddAuditAce||Adds an audit access-control entry (ACE) to the
|CSacl::GetAceCount||Returns the number of access-control entries (ACEs) in the
|CSacl::RemoveAce||Removes a specific ACE (access-control entry) from the
|CSacl::RemoveAllAces||Removes all of the ACEs contained in the
|CSacl::operator =||Assignment operator.|
A SACL contains access-control entries (ACEs) that specify the types of access attempts that generate audit records in the security event log of a domain controller. Note that a SACL generates log entries only on the domain controller where the access attempt occurred, not on every domain controller that contains a replica of the object.
To set or retrieve the SACL in an object's security descriptor, the SE_SECURITY_NAME privilege must be enabled in the access token of the requesting thread. The administrators group has this privilege granted by default, and it can be granted to other users or groups. Having the privilege granted is not all that is required: before the operation defined by the privilege can be performed, the privilege must be enabled in the security access token in order to take effect. The model allows privileges to be enabled only for specific system operations, and then disabled when they are no longer needed. See AtlGetSacl and AtlSetSacl for examples of enabling SE_SECURITY_NAME.
For an introduction to the access control model in Windows, see Access Control in the Windows SDK.
Adds an audit access-control entry (ACE) to the
bool AddAuditAce( const CSid& rSid, ACCESS_MASK AccessMask, bool bSuccess, bool bFailure, BYTE AceFlags = 0) throw(...); bool AddAuditAce( const CSid& rSid, ACCESS_MASK AccessMask, bool bSuccess, bool bFailure, BYTE AceFlags, const GUID* pObjectType, const GUID* pInheritedObjectType) throw(...);
The CSid object.
Specifies the mask of access rights to be audited for the specified
Specifies whether allowed access attempts are to be audited. Set this flag to true to enable auditing; otherwise, set it to false.
Specifies whether denied access attempts are to be audited. Set this flag to true to enable auditing; otherwise, set it to false.
A set of bit flags that control ACE inheritance.
The object type.
The inherited object type.
Returns TRUE if the ACE is added to the
CSacl object, FALSE on failure.
CSacl object contains access-control entries (ACEs) that specify the types of access attempts that generate audit records in the security event log. This method adds such an ACE to the
See ACE_HEADER for a description of the various flags which can be set in the AceFlags parameter.
CSacl() throw(); CSacl(const ACL& rhs) throw(...);
ACL (access-control list) structure.
CSacl object can be optionally created using an existing
ACL structure. Ensure that this parameter is a system access-control list (SACL) and not a discretionary access-control list (DACL). In debug builds, if a DACL is supplied an assertion will occur. In release builds any entries from a DACL are ignored.
The destructor frees any resources acquired by the object, including all access-control entries (ACEs).
Returns the number of access-control entries (ACEs) in the
UINT GetAceCount() const throw();
Returns the number of ACEs contained in the
CSacl& operator=(const ACL& rhs) throw(...);
ACL (access-control list) to assign to the existing object.
Returns a reference to the updated
CSacl object. Ensure that the
ACL parameter is actually a system access-control list (SACL) and not a discretionary access-control list (DACL). In debug builds an assertion will occur, and in release builds the
ACL parameter will be ignored.
Removes a specific ACE (access-control entry) from the
void RemoveAce(UINT nIndex) throw();
Index to the ACE entry to remove.
This method is derived from CAtlArray::RemoveAt.
Removes all of the access-control entries (ACEs) contained in the
void RemoveAllAces() throw();
ACE structure (if any) in the
We'd love to hear your thoughts. Choose the type you'd like to provide:
Our feedback system is built on GitHub Issues. Read more on our blog.