[This is preliminary documentation and subject to change.]
The AddAccessAllowedObjectAce function adds an access-allowed ACE to the end of a DACL. The new ACE can grant access to an object, or to a property set or property on an object. You can also use AddAccessAllowedObjectAce to add an ACE that only a specified type of child object can inherit.
BOOL AddAccessAllowedObjectAce(
PACL pAcl, // pointer to an ACL
DWORD dwAceRevision, // ACL revision level
DWORD AceFlags, // ACE inheritance flags
DWORD AccessMask, // access mask for the new ACE
GUID *ObjectTypeGuid, // type of object protected by the ACE
GUID *InheritedObjectTypeGuid,
// type of object that can inherit the ACE
PSID pSid // SID of the trustee for the new ACE
);
Value | Meaning |
---|---|
CONTAINER_INHERIT_ACE | |
The ACE is inherited by container objects. | |
INHERIT_ONLY_ACE | |
The ACE does not apply to the object to which the ACL is assigned, but it can be inherited by child objects. | |
INHERITED_ACE | |
Indicates an inherited ACE. This flag allows operations that change the security on a tree of objects to modify inherited ACEs, while not changing ACEs that were directly applied to the object. | |
NO_PROPAGATE_INHERIT_ACE | |
The OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE bits are not propagated to an inherited ACE. | |
OBJECT_INHERIT_ACE | |
The ACE is inherited by noncontainer objects. |
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError. If the AceFlags parameter specifies invalid flags, GetLastError returns ERROR_INVALID_FLAGS.
If both ObjectTypeGuid and InheritedObjectTypeGuid are NULL, use the AddAccessAllowedAceEx function rather than AddAccessAllowedObjectAce. This is suggested because an ACCESS_ALLOWED_ACE is smaller and more efficient than an ACCESS_ALLOWED_OBJECT_ACE.
The caller must ensure that ACEs are added to the DACL in the correct order. For more information, see Order of ACEs in a DACL.
Windows NT: Requires version 5.0 or later.
Windows: Unsupported.
Windows CE: Unsupported.
Header: Declared in winbase.h.
Import Library: Use advapi32.lib.
Low-Level Access-Control Overview, Low-Level Access Control Functions, ACCESS_ALLOWED_ACE, ACCESS_ALLOWED_OBJECT_ACE, ACE_HEADER, ACL, AddAccessAllowedAceEx, AddAccessDeniedObjectAce, AddAuditAccessObjectAce