| Platform SDK: Access Control |
The GetExplicitEntriesFromAcl function retrieves an array of structures that describe the access-control entries (ACEs) in an access-control list (ACL).
DWORD GetExplicitEntriesFromAcl( PACL pacl, // ACL PULONG pcCountOfExplicitEntries, // entries PEXPLICIT_ACCESS *pListOfExplicitEntries // array );
If the function succeeds, the return value is ERROR_SUCCESS.
If the function fails, the return value is a nonzero error code defined in Winerror.h.
Each entry in the array of EXPLICIT_ACCESS structures describes access control information from an ACE for a trustee. A trustee can be a user, group, or program (such as a Win32 service).
Each EXPLICIT_ACCESS structure specifies a set of access rights and an access mode flag that indicates whether the ACE allows, denies, or audits the specified rights.
For a discretionary ACL (DACL), the access mode flag can be one of the following values from the ACCESS_MODE enumeration.
| Value | Meaning |
|---|---|
| SET_ACCESS | Indicates that an access-allowed ACE for the trustee allows the specified access rights. |
| DENY_ACCESS | Indicates that an access-denied ACE for the trustee denies the specified access rights. |
For a system ACL (SACL), the access mode flag can be a combination of the following values from the ACCESS_MODE enumeration.
| Value | Meaning |
|---|---|
| SET_AUDIT_SUCCESS | Indicates that a system-audit ACE for the trustee generates audit messages for successful attempts to use the specified access rights. |
| SET_AUDIT_FAILURE | Indicates that a system-audit ACE for the trustee generates audit messages for failed attempts to use the specified access rights. |
Windows NT/2000: Requires Windows NT 4.0 or later.
Header: Declared in Aclapi.h.
Library: Use Advapi32.lib.
Unicode: Implemented as Unicode and ANSI versions on Windows NT/2000.
Access Control Overview, Access Control Functions, ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE, ACE, ACL, EXPLICIT_ACCESS, LocalFree, SYSTEM_AUDIT_ACE