ACL

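typedef struct _ACL { /* acl */
    BYTE AclRevision;   /* revision level of the ACL */
    BYTE Sbz1;          /* padding, should be zero */
    WORD AclSize;       /* size in bytes of header plus all ACEs */
    WORD AceCount;      /* number of ACEs stored in the ACL */
    WORD Sbz2;          /* padding, should be zero */
} ACL;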

The ACL data structure represents an access control list. A complete ACL consists of the header shown above followed by an ordered list of zero or more ACE data structures.

The NT implementation language and infrastructure make it inconvenient to hide structures such as ACLs from the NT user. However, the ACL structure is best thought of as opaque. Use the functions listed in the See Also section below to create and manipulate ACLs. This helps ensure that ACLs are well-formed and semantically correct.

There are different types of ACEs. Four types are currently defined, and more may be defined in the future. Two of the ACE types specify discretionary access information. They are used in discretionary access control lists. Two of the ACE types specify system level security information. They are used in system security access control lists. See the ACE reference pages for more information on the ACE types.

Members

AclRevision

Specifies the ACL's revision level. Should be ACL_REVISION2 for this version of the architecture. All ACEs in an ACL must be at the same revision level.

AclSize

Specifies the size in bytes of the ACL, which includes both the ACL header and all the ACEs.

AceCount

Specifies the number of ACEs stored in the ACL.

Comments

An ACL includes a sequential list of zero or more ACEs. The individual ACEs in an ACL are numbered from 0 to n, where n+1 is the number of ACEs in the ACL. When editing an ACL, a program refers to an ACE within the ACL by its index.

Each ACL and ACE structure begins on a natural longword boundary.
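The layout rules above (AclSize covers the header and all ACEs, AceCount ACEs follow the header, each ACE starts on a longword boundary) translate into bounds checks for any code that reads an ACL from an untrusted buffer. The following is an added example, not code from this reference or from Windows; on Windows, call IsValidAcl instead. The ex_ names are hypothetical, and the ACE header layout (type, flags, 16-bit size) and the numeric value 2 for ACL_REVISION2 are assumptions not stated on this page.

```c
#include <stddef.h>
#include <stdint.h>

#define EX_ACL_HDR 8          /* AclRevision, Sbz1, AclSize, AceCount, Sbz2 */
#define EX_ACE_HDR 4          /* assumed ACE header: type, flags, 16-bit AceSize */
#define EX_ACL_REVISION2 2    /* assumed numeric value of ACL_REVISION2 */

enum ex_result { EX_OK, EX_TRUNCATED, EX_BAD_REVISION, EX_BAD_ACL_SIZE, EX_BAD_ACE };

/* Read a 16-bit little-endian field without relying on host alignment. */
static uint16_t ex_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Check an untrusted ACL in buf[0..len) before anything walks its ACEs. */
enum ex_result ex_check_acl(const uint8_t *buf, size_t len)
{
    if (len < EX_ACL_HDR) return EX_TRUNCATED;
    if (buf[0] != EX_ACL_REVISION2) return EX_BAD_REVISION;

    size_t acl_size = ex_le16(buf + 2), off = EX_ACL_HDR;
    unsigned ace_count = ex_le16(buf + 4);
    /* AclSize must cover at least the header and must not exceed the buffer. */
    if (acl_size < EX_ACL_HDR || acl_size > len) return EX_BAD_ACL_SIZE;

    for (unsigned i = 0; i < ace_count; i++) {
        if (acl_size - off < EX_ACE_HDR) return EX_BAD_ACE;  /* AceCount overstated */
        size_t ace_size = ex_le16(buf + off + 2);
        /* Each ACE starts on a longword boundary, so sizes are multiples of 4. */
        if (ace_size < EX_ACE_HDR || ace_size % 4 || ace_size > acl_size - off)
            return EX_BAD_ACE;
        off += ace_size;      /* invariant: off <= acl_size */
    }
    return EX_OK;
}

/* Constructed samples (little-endian byte order, as on Windows). */
const uint8_t ex_empty[8] = { 2,0, 8,0, 0,0, 0,0 };
const uint8_t ex_one_ace[28] = { 2,0, 28,0, 1,0, 0,0,
    0,0, 20,0,  0,0,0,0x10,  1,1,0,0,0,0,0,1, 0,0,0,0 };
const uint8_t ex_overrun[28] = { 2,0, 28,0, 2,0, 0,0,   /* AceCount claims 2 */
    0,0, 20,0,  0,0,0,0x10,  1,1,0,0,0,0,0,1, 0,0,0,0 };
```

An AclSize larger than the space the ACEs occupy is accepted, since the checks only require that every ACE fits inside AclSize.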

See Also

GetAclInformation, InitializeAcl, IsValidAcl, SetAclInformation, ACE