The ACE_HEADER structure describes the type and size of an access-control entry (ACE).
typedef struct _ACE_HEADER { // acehdr
BYTE AceType;
BYTE AceFlags;
WORD AceSize;
} ACE_HEADER;
| Value | Meaning |
|---|---|
| ACCESS_ALLOWED_ACE_TYPE | |
| Access-allowed ACE that uses the ACCESS_ALLOWED_ACE structure. | |
| ACCESS_DENIED_ACE_TYPE | |
| Access-denied ACE that uses the ACCESS_DENIED_ACE structure. | |
| SYSTEM_AUDIT_ACE_TYPE | |
| System-audit ACE that uses the SYSTEM_AUDIT_ACE structure. | |
| ACCESS_ALLOWED_OBJECT_ACE_TYPE | |
| Windows NT 5.0 and later: Object-specific access-allowed ACE that uses the ACCESS_ALLOWED_OBJECT_ACE structure. | |
| ACCESS_DENIED_OBJECT_ACE_TYPE | |
| Windows NT 5.0 and later: Object-specific access-denied ACE that uses the ACCESS_DENIED_OBJECT_ACE structure. | |
| SYSTEM_AUDIT_OBJECT_ACE_TYPE | |
| Windows NT 5.0 and later: Object-specific system-audit ACE that uses the SYSTEM_AUDIT_OBJECT_ACE structure. | |
| Value | Meaning |
|---|---|
| CONTAINER_INHERIT_ACE | |
| Child objects that are containers, such as directories, inherit the ACE as an effective ACE. The inherited ACE is inheritable unless the NO_PROPAGATE_INHERIT_ACE bit flag is also set. | |
| INHERIT_ONLY_ACE | |
| Indicates an inherit-only ACE which does not control access to the object to which it is attached. If this flag is not set, the ACE is an effective ACE which controls access to the object to which it is attached. Both effective and inherit-only ACEs can be inherited depending on the state of the other inheritance flags. |
|
| NO_PROPAGATE_INHERIT_ACE | |
| If the ACE is inherited by a child object, the system clears the OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags in the inherited ACE. This prevents the ACE from being inherited by subsequent generations of objects. | |
| OBJECT_INHERIT_ACE | |
| Noncontainer child objects inherit the ACE as an effective ACE. For child objects that are containers, the ACE is inherited as an inherit-only ACE unless the NO_PROPAGATE_INHERIT_ACE bit flag is also set. |
|
| FAILED_ACCESS_ACE_FLAG | |
| Used with system-audit ACEs in a SACL to generate audit messages for failed access attempts. | |
| SUCCESSFUL_ACCESS_ACE_FLAG | |
| Used with system-audit ACEs in a SACL to generate audit messages for successful access attempts. | |
| INHERITED_ACE | |
| Windows NT 5.0 and later: .Indicates that the ACE was inherited. The system sets this bit when it propagates an inherited ACE to a child object. | |
The ACE_HEADER structure is the first member of the various types of ACE structures, such as ACCESS_ALLOWED_ACE.
System-alarm ACEs are not supported in the current version of Windows NT. The AceType member cannot specify the SYSTEM_ALARM_ACE_TYPE or SYSTEM_ALARM_OBJECT_ACE_TYPE values. Do not use the SYSTEM_ALARM_ACE or SYSTEM_ALARM_OBJECT_ACE structures.
Windows NT: Requires version 3.1 or later.
Windows: Unsupported.
Windows CE: Unsupported.
Header: Declared in winnt.h.
Access Control Overview, Access Control Structures, ACCESS_ALLOWED_ACE, ACCESS_ALLOWED_OBJECT_ACE, ACCESS_DENIED_ACE, ACCESS_DENIED_OBJECT_ACE, ACL, SYSTEM_AUDIT_ACE, SYSTEM_AUDIT_OBJECT_ACE