An ACE is an access-control entry (ACE) in an access-control list (ACL).
Following are the currently defined ACE types:
ACE type | Structure | ACL Type |
---|---|---|
Access allowed | ACCESS_ALLOWED_ACE | Discretionary |
Access denied | ACCESS_DENIED_ACE | Discretionary |
System alarm | SYSTEM_ALARM_ACE | System |
System audit | SYSTEM_AUDIT_ACE | System |
System-alarm ACEs are not supported in the current version of Windows NT.
An ACL contains a list of ACEs. An ACE defines access to an object for a specific user or group or defines the types of access that generate system-administration messages or alarms for a specific user or group. The user or group is identified by a security identifier (SID).
Each ACE starts with an ACE_HEADER structure. The format of the data following the header varies according to the ACE type specified in the header.
Windows NT: Requires version 3.1 or later.
Windows: Unsupported.
Windows CE: Unsupported.
Header: Declared in winnt.h.
Access Control Overview, Access Control Structures, AddAce, ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE, ACL, SYSTEM_ALARM_ACE, SYSTEM_AUDIT_ACE