[This is preliminary documentation and subject to change.]
The AddAuditAccessAceEx function adds a system-audit ACE to the end of a SACL. This function is identical to the AddAuditAccessAce function, except that it allows you to also specify flags that control whether the new ACE can be inherited by child objects.
BOOL AddAuditAccessAceEx(
PACL pAcl, // pointer to an ACL
DWORD dwAceRevision, // ACL revision level
DWORD AceFlags, // flags for ACE inheritance and audit type
DWORD dwAccessMask, // access mask for the new ACE
PSID pSid, // SID of the trustee for the new ACE
BOOL bAuditSuccess, // audit successful access attempts
BOOL bAuditFailure // audit unsuccessful access attempts
);
Value | Meaning |
---|---|
CONTAINER_INHERIT_ACE | |
The ACE is inherited by container objects. | |
FAILED_ACCESS_ACE_FLAG | |
If you set this flag or specify TRUE for the bAuditFailure parameter, failed attempts to use the specified access rights cause the system to generate an audit record in the security event log. | |
INHERIT_ONLY_ACE | |
The ACE does not apply to the object to which the ACL is assigned, but it can be inherited by child objects. | |
INHERITED_ACE | |
Indicates an inherited ACE. This flag allows operations that change the security on a tree of objects to modify inherited ACEs, while not changing ACEs that were directly applied to the object. | |
NO_PROPAGATE_INHERIT_ACE | |
The OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE bits are not propagated to an inherited ACE. | |
OBJECT_INHERIT_ACE | |
The ACE is inherited by noncontainer objects. | |
SUCCESSFUL_ACCESS_ACE_FLAG | |
If you set this flag or specify TRUE for the bAuditSuccess parameter, successful uses of the specified access rights cause the system to generate an audit record in the security event log. |
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError. If the AceFlags parameter specifies invalid flags, GetLastError returns ERROR_INVALID_FLAGS.
Windows NT: Requires version 5.0 or later.
Windows: Unsupported.
Windows CE: Unsupported.
Header: Declared in winbase.h.
Import Library: Use advapi32.lib.
Low-Level Access-Control Overview, Low-Level Access Control Functions, ACE_HEADER, ACL, AddAccessAllowedAceEx, AddAccessDeniedAceEx, AddAuditAccessAce, SYSTEM_AUDIT_ACE