[This is preliminary documentation and subject to change.]
The SetEntriesInAccessList function creates a new access-control list by merging specified access-control information into an existing access-control list. You can specify access-control information for an object or for a specified property on an object.
DWORD SetEntriesInAccessList(
ULONG cEntries, // Number of entries in the entry list
PACTRL_ACCESS_ENTRY pAccessEntryList,
// array of access-control entry information
ACCESS_MODE AccessMode, // merge, replace, or revoke trustee
// access
LPCTSTR lpProperty, // GUID string of a property
PACTRL_ACCESS pOldList, // pointer to the old access-control list
PACTRL_ACCESS *ppNewList
// receives a pointer to the new list
);
Value | Meaning |
---|---|
GRANT_ACCESS | Adds the new entries to the front of the access-control list. Existing entries are not removed from the list. |
REVOKE_ACCESS | Remove from the existing list explicit entries for trustees specified in the pAccessEntryList array. |
SET_ACCESS | Adds the new entries to the front of the access-control list. Existing entries for the same trustees are removed from the list. |
If you specify REVOKE_ACCESS or SET_ACCESS, the function can remove entries for trustees specified in the pAccessEntryList array. However, the function's behavior depends on the lpProperty parameter. If lpProperty is non-NULL, the function removes only the object-specific entries that apply to the properties, property sets, or child objects identified by lpProperty. However, if lpProperty is NULL, the function removes all entries for the specified trustees, including any object-specific entries, as well as entries for the object itself.
Use this parameter to create object-specific ACEs that apply to a child object, property set, or property of the object. If this parameter is NULL, the access-control information applies to the object itself.
If the function succeeds, the return value is ERROR_SUCCESS.
If the function fails, the return value can be one of the following error codes.
Value | Meaning |
---|---|
ERROR_NOT_ENOUGH_MEMORY | A memory allocation failed |
ERROR_INVALID_PARAMETER | An invalid parameter was specified. |
Windows NT: Requires version 5.0 or later.
Windows: Unsupported.
Windows CE: Unsupported.
Header: Declared in aclapi.h.
Import Library: Use advapi32.lib.
Unicode: Implemented as Unicode and ANSI versions on Windows NT.
Access Control Overview, Access Control Functions, SetEntriesInAuditList