Platform SDK: Access Control |
An ACE is an access-control entry (ACE) in an access-control list (ACL).
Following are the currently defined ACE types.
ACE type | Structure | ACL Type |
---|---|---|
Access allowed | ACCESS_ALLOWED_ACE | Discretionary |
Access allowed, object-specific | ACCESS_ALLOWED_OBJECT_ACE | Discretionary |
Access denied | ACCESS_DENIED_ACE | Discretionary |
Access denied, object-specific | ACCESS_DENIED_OBJECT_ACE | Discretionary |
System alarm | SYSTEM_ALARM_ACE | System |
System alarm, object-specific | SYSTEM_ALARM_OBJECT_ACE | System |
System audit | SYSTEM_AUDIT_ACE | System |
System audit, object-specific | SYSTEM_AUDIT_OBJECT_ACE | System |
System-alarm and object-specific system-alarm ACEs are not currently supported.
An ACL contains a list of ACEs. An ACE defines access to an object for a specific user or group or defines the types of access that generate system-administration messages or alarms for a specific user or group. The user or group is identified by a security identifier (SID).
Each ACE starts with an ACE_HEADER structure. The format of the data following the header varies according to the ACE type specified in the header.
Windows NT/2000: Requires Windows NT 3.1 or later.
Header: Declared in Winnt.h; include Windows.h.
Access Control Overview, Access Control Structures, AddAce, ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE, ACL, SYSTEM_ALARM_ACE, SYSTEM_AUDIT_ACE