The GetEffectiveRightsFromAcl function retrieves the effective access rights that an ACL allows for a specified trustee. The trustee's effective access rights are the access rights that the ACL grants to the trustee or to any groups of which the trustee is a member. The function does not consider the security privileges held by the trustee in determining the effective access rights.
DWORD GetEffectiveRightsFromAcl(
PACL pacl, // ACL to get trustee's rights from
PTRUSTEE pTrustee, // trustee to get rights for
PACCESS_MASK pAccessRights // receives trustee's access rights
);
If the function succeeds, the return value is ERROR_SUCCESS.
If the function fails, the return value is a nonzero error code defined in WINERROR.H.
The GetEffectiveRightsFromAcl function checks all access-allowed and access-denied ACEs in the ACL to determine the effective rights for the trustee. For all ACEs that allow or deny rights to a group, GetEffectiveRightsFromAcl enumerates the members of the group to determine whether the trustee is a member. The function returns an error if it cannot enumerate the members of a group.
Windows NT: Requires version 4.0 or later.
Windows: Unsupported.
Windows CE: Unsupported.
Header: Declared in aclapi.h.
Import Library: Use advapi32.lib.
Unicode: Implemented as Unicode and ANSI versions on Windows NT.
Windows NT 4.0 Access Control Overview, Windows NT 4.0 Access-Control Functions, ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE, ACCESS_MASK, ACE, ACL, GetAuditedPermissionsFromAcl, SID, TRUSTEE