The RtlAddAccessAllowedAceEx routine adds an access-allowed access control entry (ACE) with inheritance ACE flags to an access control list (ACL). The access is granted to the specified security identifier (SID).
NTSYSAPI NTSTATUS RtlAddAccessAllowedAceEx( PACL Acl, ULONG AceRevision, ULONG AceFlags, ACCESS_MASK AccessMask, PSID Sid );
A pointer to a caller-allocated buffer that contains the ACL to be modified. RtlAddAccessAllowedAceEx adds an access-allowed ACE to the end of this ACL. The ACE is in the form of an ACCESS_ALLOWED_ACE structure.
ACL revision level of the ACE to be added. This value can be ACL_REVISION or ACL_REVISION_DS. It must be ACL_REVISION_DS if the ACL contains an object-specific ACE.
Bitmask specifying the inherit flags of the ACE to be added.
A pointer to the SID structure that represents a user, group, or logon account that is being granted access.
RtlAddAccessAllowedAceEx can return one of the following values:
||The ACE was successfully added.|
||A new ACE does not fit into the ACL. A larger ACL buffer is required. For more information about how to calculate the size of an ACL, see RtlCreateAcl.|
||The specified ACL is not correctly formed.|
||The AceFlags parameter was invalid.|
||The specified SID structure is not structurally valid.|
||The specified AceRevision is not known or is not compatible with that of the ACL.|
Unlike RtlAddAccessAllowedAce, this routine sets the inheritance ACE flags.
For more information about security and access control, see the documentation about these topics in the Microsoft Windows SDK, such as:
|Windows version||This routine is available in Microsoft Windows 2000 and later Windows operating systems.|
|Header||ntifs.h (include Ntifs.h, FltKernel.h)|