Platform SDK: Access Control |
The SYSTEM_AUDIT_ACE structure defines an access-control entry (ACE) for the system access-control list (ACL) specifying what types of access cause system-level notifications. A system-audit ACE causes an audit message to be logged when a specified user or group attempts to gain access to an object. The user or group is identified by a security identifier (SID).
typedef struct _SYSTEM_AUDIT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; DWORD SidStart; } SYSTEM_AUDIT_ACE;
Audit messages are stored in an event log that can be manipulated by using the Win32 API event-logging functions or by using the Event Viewer (EVENTVWR.EXE).
ACE structures should be aligned on doubleword boundaries. All Win32 memory-management functions return doubleword-aligned handles to memory.
Windows NT/2000: Requires Windows NT 3.1 or later.
Header: Declared in Winnt.h; include Windows.h.
Low-Level Access-Control Overview, Low-Level Access Control Structures, ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE, ACCESS_MASK, ACE_HEADER, ACL, SYSTEM_ALARM_ACE