Platform SDK: Access Control

SYSTEM_AUDIT_OBJECT_ACE

The SYSTEM_AUDIT_OBJECT_ACE structure defines an access-control entry (ACE) for a SACL. The ACE can audit access to an object, or to a subobject of an object, such as a property set or property. The ACE contains a set of access rights, a GUID that identifies the type of object or subobject, and a SID that identifies the trustee for whom the system will audit access. The ACE also contains a GUID and a set of flags that control inheritance of the ACE by child objects. 

typedef struct _SYSTEM_ALARM_OBJECT_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  DWORD Flags;
  GUID ObjectType;
  GUID InheritedObjectType;
  DWORD SidStart;
} SYSTEM_ALARM_OBJECT_ACE, *PSYSTEM_ALARM_OBJECT_ACE;

Members

Header
An ACE_HEADER structure that specifies the size and type of ACE. It contains flags that control inheritance of the ACE by child objects. The structure also contains flags that indicate whether the ACE audits successful access attempts, failed access attempts, or both.
Mask
An ACCESS_MASK that specifies the access rights the system will audit for access attempts by the trustee.
Flags
A set of bit flags that indicate whether the ObjectType and InheritedObjectType members contain GUIDs. This parameter can be a combination of the following values. Set all undefined bits to zero.
Value Meaning
ACE_OBJECT_TYPE_PRESENT The ObjectType member contains a GUID.
ACE_INHERITED_OBJECT_TYPE_PRESENT The InheritedObjectType member contains a GUID.

ObjectType
A GUID structure that identifies a property set, property, extended right, or type of child object.

This member is valid only if the ACE_OBJECT_TYPE_PRESENT bit is set in the Flags member. Otherwise, ObjectType is ignored.

The purpose of this GUID depends on the access rights specified in the Mask member.
Access rights Meaning
ADS_RIGHT_DS_READ_PROP and/or ADS_RIGHT_DS_WRITE_PROP The ObjectType GUID identifies a property set or property of the object. The ACE controls auditing of the trustee's attempts to read or write the property or property set.
ADS_RIGHT_DS_CONTROL_ACCESS The ObjectType GUID identifies an extended access right. For more information, see Extended Rights.
ADS_RIGHT_DS_CREATE_CHILD The ObjectType GUID identifies a type of child object. The ACE controls auditing of the trustee's attempts to create this type of child object.

InheritedObjectType
A GUID structure that identifies the type of child object that can inherit the ACE.

This member is valid only if the ACE_INHERITED_OBJECT_TYPE_PRESENT bit is set in the Flags member. If that bit is not set, InheritedObjectType is ignored and all types of child objects can inherit the ACE. In either case, inheritance is also controlled by the inheritance flags in the ACE_HEADER, as well as by any protection against inheritance placed on the child objects.

SidStart
Specifies the first DWORD of a SID that identifies the trustee for whom the access attempts are audited.

Remarks

If neither the ObjectType nor InheritedObjectType GUID is specified, the SYSTEM_AUDIT_OBJECT_ACE structure has the same semantics as the SYSTEM_AUDIT_ACE structure. In that case, use the SYSTEM_AUDIT_ACE structure because it is smaller and more efficient.

An ACL that contains an SYSTEM_AUDIT_OBJECT_ACE must specify the ACL_REVISION_DS revision number in its ACE_HEADER structure.

Requirements

  Windows NT/2000: Requires Windows 2000.
  Header: Declared in Winnt.h; include Windows.h.

See Also

Low-Level Access-Control Overview, Low-Level Access Control Structures, ACCESS_ALLOWED_OBJECT_ACE, ACCESS_DENIED_OBJECT_ACE, ACCESS_MASK, ACE_HEADER, ACL, AddAuditAccessObjectAce, GUID, SID, SYSTEM_AUDIT_ACE

Built on Tuesday, February 08, 2000