Platform SDK: Access Control

OBJECTS_AND_SID

The OBJECTS_AND_SID structure contains a SID that identifies a trustee and GUIDs that identify the object types of an object-specific ACE.

typedef struct _OBJECTS_AND_SID {
  DWORD   ObjectsPresent;
  GUID    ObjectTypeGuid;
  GUID    InheritedObjectTypeGuid;
  SID    *pSID;
} OBJECTS_AND_SID, *POBJECTS_AND_SID;

Members

ObjectsPresent
Indicates whether the ObjectTypeGuid and InheritedObjectTypeGuid members contain GUIDs. This parameter can be a combination of the following values.
Value Meaning
ACE_OBJECT_TYPE_PRESENT The ObjectTypeGuid member contains a GUID.
ACE_INHERITED_OBJECT_TYPE_PRESENT The InheritedObjectTypeGuid member contains a GUID.

ObjectTypeGuid
A GUID structure that identifies the type of object, property set, or property protected by the ACE. If this ACE is inherited, the GUID identifies the type of object, property set, or property protected by the inherited ACE. This GUID must be a valid schema identifier in the Active Directory schema.

If the ACE_OBJECT_TYPE_PRESENT bit is not set in the ObjectsPresent member, the ObjectTypeGuid member is ignored, and the ACE protects the object to which the ACL is assigned.

InheritedObjectTypeGuid
A GUID structure that identifies the type of object that can inherit the ACE. This GUID must be a valid schema identifier in the Active Directory schema.

If the ACE_INHERITED_OBJECT_TYPE_PRESENT bit is not set in the ObjectsPresent member, the InheritedObjectTypeGuid member is ignored, and all types of child objects can inherit the ACE. Otherwise, only the specified object type can inherit the ACE. In either case, inheritance is also controlled by the inheritance flags in the ACE_HEADER as well as by any protection against inheritance placed on the child objects.

pSID
Pointer to the SID of the trustee to whom the ACE applies.

Remarks

The ptstrName member of a TRUSTEE structure can be a pointer to an OBJECTS_AND_SID structure. This enables functions such as SetEntriesInAcl and GetExplicitEntriesFromAcl to store object-specific ACE information in the Trustee member of an EXPLICIT_ACCESS structure.

When you use this structure in a call to SetEntriesInAcl, ObjectTypeGuid and InheritedObjectTypeGuid must be valid schema identifiers in the Active Directory schema. The system does not verify the GUIDs; they are used as is.

Requirements

  Windows NT/2000: Requires Windows 2000.
  Header: Declared in Accctrl.h.
  Unicode: Declared as Unicode and ANSI structures.

See Also

Access Control Overview, Access Control Structures, GetExplicitEntriesFromAcl, GUID, OBJECTS_AND_NAME, SetEntriesInAcl, TRUSTEE