ACE

An ACE is an access-control entry in an access-control list (ACL).

Following are the currently defined ACE types.

| ACE type | Description |
|---|---|
| ACCESS_ALLOWED_ACE | Grants specified rights to a user or group. This ACE is stored in a discretionary ACL (DACL). |
| ACCESS_DENIED_ACE | Denies specified rights to a user or group. This ACE is stored in a DACL. |
| SYSTEM_AUDIT_ACE | Specifies what types of access will cause system-level audits. This ACE is stored in a system ACL (SACL). |

A fourth ACE structure, SYSTEM_ALARM_ACE, is not currently supported.

An ACL contains a list of ACEs. An ACE defines access to an object for a specific user or group or defines the types of access that generate system-administration messages or alarms for a specific user or group. The user or group is identified by a security identifier (SID).

Each ACE starts with an ACE_HEADER structure. The format of the data following the header varies according to the ACE type specified in the header.

This structure must be aligned on a 32-bit boundary.
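The header-then-body layout described above can be validated when ACEs are read from a raw buffer. The following is an added example, not code from the original page or from ntifs.h: walk_aces and the sample bytes are hypothetical, and it assumes the three listed types share the body layout of ACCESS_ALLOWED_ACE (4-byte access mask followed by the SID), which this page does not spell out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ACE type values from the Windows headers for the types this page lists. */
enum { ALLOWED = 0, DENIED = 1, AUDIT = 2 };
#define ACE_HEADER_LEN 4u  /* AceType (1), AceFlags (1), AceSize (2, little-endian) */
#define SID_FIXED_LEN  8u  /* Revision, SubAuthorityCount, 6-byte authority */

/* Constructed sample: an allowed and a denied ACE, both for SID S-1-1-0. */
static const uint8_t sample_aces[] = {
    0x00, 0x00, 0x14, 0x00,  0x01, 0x00, 0x00, 0x00,   /* header, access mask */
    0x01, 0x01, 0, 0, 0, 0, 0, 0x01,  0, 0, 0, 0,       /* SID S-1-1-0 */
    0x01, 0x00, 0x14, 0x00,  0x02, 0x00, 0x00, 0x00,   /* header, access mask */
    0x01, 0x01, 0, 0, 0, 0, 0, 0x01,  0, 0, 0, 0,       /* SID S-1-1-0 */
};

/* Hypothetical helper: walks len bytes of back-to-back ACEs, tallies the
   three supported types in counts[], and returns the number of ACEs seen,
   or -1 as soon as an entry is malformed. */
int walk_aces(const uint8_t *buf, size_t len, int counts[3])
{
    size_t off = 0;
    int total = 0;
    memset(counts, 0, 3 * sizeof counts[0]);
    while (off < len) {
        if (len - off < ACE_HEADER_LEN) return -1;          /* truncated header */
        uint8_t type = buf[off];
        size_t size = buf[off + 2] | ((size_t)buf[off + 3] << 8);
        /* A size that is a multiple of 4 keeps the next ACE 32-bit aligned. */
        if (size < ACE_HEADER_LEN || size % 4 != 0) return -1;
        if (size > len - off) return -1;                    /* overruns buffer */
        if (type <= AUDIT) {
            size_t need = ACE_HEADER_LEN + 4 + SID_FIXED_LEN;
            if (size < need) return -1;                     /* no room for a SID */
            need += 4u * buf[off + ACE_HEADER_LEN + 4 + 1]; /* SubAuthorityCount */
            if (size < need) return -1;                     /* SID overruns the ACE */
            counts[type]++;
        }
        /* Any other type is skipped by AceSize without reading its body. */
        total++;
        off += size;
    }
    return total;
}
```

Because the size lives in the common header, an entry of a type the parser does not understand can still be stepped over safely, while every length is checked against the buffer before any body byte is read.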

Requirements

Header: ntifs.h (include ntifs.h)

See also

ACCESS_ALLOWED_ACE
ACCESS_DENIED_ACE
ACE_HEADER
ACL
RtlAddAccessAllowedAce
RtlGetAce
SID
SYSTEM_ALARM_ACE
SYSTEM_AUDIT_ACE