Platform SDK: Access Control

ACE

An ACE is an access-control entry (ACE) in an access-control list (ACL).

Following are the currently defined ACE types.

ACE type Structure ACL Type
Access allowed ACCESS_ALLOWED_ACE Discretionary
Access allowed, object-specific ACCESS_ALLOWED_OBJECT_ACE Discretionary
Access denied ACCESS_DENIED_ACE Discretionary
Access denied, object-specific ACCESS_DENIED_OBJECT_ACE Discretionary
System alarm SYSTEM_ALARM_ACE System
System alarm, object-specific SYSTEM_ALARM_OBJECT_ACE System
System audit SYSTEM_AUDIT_ACE System
System audit, object-specific SYSTEM_AUDIT_OBJECT_ACE System

System-alarm and object-specific system-alarm ACEs are not currently supported.

Remarks

An ACL contains a list of ACEs. An ACE defines access to an object for a specific user or group or defines the types of access that generate system-administration messages or alarms for a specific user or group. The user or group is identified by a security identifier (SID).

Each ACE starts with an ACE_HEADER structure. The format of the data following the header varies according to the ACE type specified in the header.

Requirements

  Windows NT/2000: Requires Windows NT 3.1 or later.
  Header: Declared in Winnt.h; include Windows.h.

See Also

Access Control Overview, Access Control Structures, AddAce, ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE, ACL, SYSTEM_ALARM_ACE, SYSTEM_AUDIT_ACE