Platform SDK: Access Control

ACCESS_MODE

The ACCESS_MODE enumeration type contains values that indicate how the access rights in an EXPLICIT_ACCESS structure apply to the trustee. Functions such as SetEntriesInAcl and GetExplicitEntriesFromAcl use these values to set or retrieve information in an access-control entry (ACE).

typedef enum _ACCESS_MODE {
  NOT_USED_ACCESS = 0,
  GRANT_ACCESS,
  SET_ACCESS,
  DENY_ACCESS,
  REVOKE_ACCESS,
  SET_AUDIT_SUCCESS,
  SET_AUDIT_FAILURE
} ACCESS_MODE;

Enumerator Value	Meaning
GRANT_ACCESS	An input flag that creates an ACCESS_ALLOWED_ACE. The new ACE combines the specified rights with any existing allowed or denied rights of the trustee.
SET_ACCESS	Indicates an ACCESS_ALLOWED_ACE that allows the specified rights. On input, this flag discards any existing access-control information for the trustee.
DENY_ACCESS	Indicates an ACCESS_DENIED_ACE that denies the specified rights. On input, this flag denies the specified rights in addition to any currently denied rights of the trustee. It also modifies or deletes any existing ACCESS_ALLOWED_ACE for the trustee that allows the specified rights.
REVOKE_ACCESS	An input flag that removes all existing ACCESS_DENIED_ACE, ACCESS_ALLOWED_ACE, or SYSTEM_AUDIT_ACE structures for the specified trustee.
SET_AUDIT_SUCCESS	Indicates a SYSTEM_AUDIT_ACE that generates audit messages for successful attempts to use the specified access rights. You can combine this value with SET_AUDIT_FAILURE. On input, this flag combines the specified rights with any existing audited access rights for the trustee.
SET_AUDIT_FAILURE	Indicates a SYSTEM_AUDIT_ACE that generates audit messages for failed attempts to use the specified access rights. You can combine this value with SET_AUDIT_SUCCESS. On input, this flag combines the specified rights with any existing audited access rights for the trustee.

Requirements

Windows NT/2000: Requires Windows NT 4.0 or later.
Header: Declared in Accctrl.h.

ACCESS_MODE

Requirements

See Also