GetEffectiveRightsFromAcl

The GetEffectiveRightsFromAcl function retrieves the effective access rights that an ACL allows for a specified trustee. The trustee's effective access rights are the access rights that the ACL grants to the trustee or to any groups of which the trustee is a member. The function does not consider the security privileges held by the trustee in determining the effective access rights.

DWORD GetEffectiveRightsFromAcl(
  PACL pacl,                   // ACL to get trustee's rights from
  PTRUSTEE pTrustee,           // trustee to get rights for
  PACCESS_MASK pAccessRights  // receives trustee's access rights
);

Parameters

pacl: Pointer to an ACL structure from which to get the trustee's effective access rights.
pTrustee: Pointer to a TRUSTEE structure that identifies the trustee. A trustee can be a user, group, or program (such as a Win32 service). You can use a name or a security identifier (SID) to identify a trustee.
pAccessRights: Pointer to an ACCESS_MASK variable that receives the effective access rights of the trustee.

Return Values

If the function succeeds, the return value is ERROR_SUCCESS.

If the function fails, the return value is a nonzero error code defined in WINERROR.H.

Remarks

The GetEffectiveRightsFromAcl function checks all access-allowed and access-denied ACEs in the ACL to determine the effective rights for the trustee. For all ACEs that allow or deny rights to a group, GetEffectiveRightsFromAcl enumerates the members of the group to determine whether the trustee is a member. The function returns an error if it cannot enumerate the members of a group.

QuickInfo

  Windows NT: Requires version 4.0 or later.
  Windows: Unsupported.
  Windows CE: Unsupported.
  Header: Declared in aclapi.h.
  Import Library: Use advapi32.lib.
  Unicode: Implemented as Unicode and ANSI versions on Windows NT.

GetEffectiveRightsFromAcl

Parameters

Return Values

Remarks

QuickInfo

See Also