AddAccessDeniedAce

The AddAccessDeniedAce function adds an access-denied ACE to an ACL. The access is denied to a specified SID.

An ACE is an access-control entry. An ACL is an access-control list. A SID is a security identifier.

BOOL AddAccessDeniedAce(
  PACL pAcl,            // pointer to access-control list
  DWORD dwAceRevision,  // ACL revision level
  DWORD AccessMask,     // access mask
  PSID pSid             // pointer to security identifier
);

Parameters

pAcl: Pointer to an ACL structure. This function adds an access-denied ACE to the end of this ACL. The ACE is in the form of an ACCESS_DENIED_ACE structure.
dwAceRevision: Specifies the revision level of the ACL being modified. Currently, this value must be ACL_REVISION.
AccessMask: Specifies the mask of access rights being denied to the specified SID.
pSid: Pointer to the SID structure representing the user, group, or logon account being denied access.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The AddAccessAllowedAce and AddAccessDeniedAce functions add a new ACE to the end of the list of ACEs for the ACL. These functions do not automatically place the new ACE in the proper canonical order. It is the caller's responsibility to ensure that the ACL is in canonical order by adding ACEs in the proper sequence. For Windows NT versions 4.0 and earlier, the canonical order for a DACL places all access-denied ACEs before any access-allowed ACEs.

The ACE_HEADER structure placed in the ACE by the AddAccessDeniedAce function specifies a type and size, but provides no ACE flags.

QuickInfo

  Windows NT: Requires version 3.1 or later.
  Windows: Unsupported.
  Windows CE: Unsupported.
  Header: Declared in winbase.h.
  Import Library: Use advapi32.lib.

AddAccessDeniedAce

Parameters

Return Values

Remarks

QuickInfo

See Also