Platform SDK: Access Control

InitializeAcl

The InitializeAcl function creates a new ACL structure.

An ACL is an access-control list.

BOOL InitializeAcl(
  PACL pAcl,            // ACL
  DWORD nAclLength,     // size of ACL
  DWORD dwAclRevision   // revision level of ACL
);

Parameters

pAcl
[out] Pointer to an ACL structure initialized by this function.
nAclLength
[in] Specifies the length, in bytes, of the buffer pointed to by the pAcl parameter. This value must be large enough to contain the ACL header and all of the access-control entries (ACEs) to be stored in the ACL. See the following Remarks section for more information about calculating the size of an ACL.
dwAclRevision
[in] Specifies the revision level of the ACL being created.

Windows NT 4.0 and earlier: This value must be ACL_REVISION.

Windows 2000: This value can be ACL_REVISION or ACL_REVISION_DS. Use ACL_REVISION_DS if the ACL supports object-specific ACEs.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The ACL initialized by this function contains no ACEs. It is empty, as opposed to being a nonexistent ACL. If an empty ACL is applied to an object, it implicitly denies all access to that object.

To calculate the size of an ACL, add sizeof(ACL) to the size of all the ACEs to be stored in the ACL. To calculate the size of an ACE, add the size of the ACE structure, such as sizeof(ACCESS_ALLOWED_ACE), to the length of the SID associated with the ACE, and then subtract the size of the SidStart member (which is part of both the ACE structure and the SID). Use the GetLengthSid function to get the length of a specified SID.

The following example shows how to calculate the size of an access-allowed ACE:

// SidStart is a DWORD, so subtract sizeof (DWORD)
cbAce = sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD)
        + GetLengthSid (pAceSid);

To calculate the size of an ACL, use the following algorithm, substituting the appropriate ACE structure in the sizeof(ACE) expression:

cbAcl = sizeof (ACL);
for (i = 0 ; i < nAceCount ; i++) {
    // subtract ACE.SidStart from the size
    cbAce = sizeof (ACE) - sizeof (DWORD);
    // add this ACE's SID length
    cbAce += GetLengthSid (pAceSid[i]);
    // add the length of each ACE to the total ACL length
    cbAcl += cbAce;
}
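
The size calculation above, carried through for access-allowed ACEs as an added example (not SDK code). The MODEL_* types, model_sid_length and the function names are assumptions that mirror the winnt.h layouts so the arithmetic can be checked on any platform. The check against the 16-bit AclSize field of the ACL header goes beyond the formula in the text.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: local models of the winnt.h layouts, so the arithmetic can be
   checked on any platform. They are not the SDK definitions. */
typedef struct { uint8_t AclRevision, Sbz1; uint16_t AclSize, AceCount, Sbz2; } MODEL_ACL;
typedef struct { uint8_t AceType, AceFlags; uint16_t AceSize; } MODEL_ACE_HEADER;
typedef struct {
    MODEL_ACE_HEADER Header;
    uint32_t Mask;
    uint32_t SidStart;   /* first DWORD of the SID, counted in both ACE and SID */
} MODEL_ACCESS_ALLOWED_ACE;

#define MODEL_MAX_SUB_AUTHORITIES 15u  /* SID_MAX_SUB_AUTHORITIES in winnt.h */

/* Stand-in for GetLengthSid: 8-byte fixed part plus one DWORD per subauthority. */
static size_t model_sid_length(unsigned sub_count) { return 8u + 4u * (size_t)sub_count; }

/* Size of one access-allowed ACE, following the Remarks formula. */
size_t ace_size(unsigned sub_count)
{
    return sizeof(MODEL_ACCESS_ALLOWED_ACE)
         - sizeof(((MODEL_ACCESS_ALLOWED_ACE *)0)->SidStart)
         + model_sid_length(sub_count);
}

/* nAclLength for n access-allowed ACEs. Returns 0 when a SID is malformed or
   the total no longer fits the 16-bit AclSize field of the ACL header. */
size_t acl_size(const unsigned *sub_counts, size_t n_aces)
{
    size_t cb = sizeof(MODEL_ACL);
    for (size_t i = 0; i < n_aces; i++) {
        if (sub_counts[i] > MODEL_MAX_SUB_AUTHORITIES) return 0;
        cb += ace_size(sub_counts[i]);
        if (cb > UINT16_MAX) return 0;
    }
    return cb;
}

int main(void)
{
    /* Constructed input: subauthority counts of S-1-1-0, S-1-5-32-544 and a
       domain account SID of the form S-1-5-21-x-y-z-rid. */
    const unsigned counts[] = { 1, 2, 5 };
    printf("nAclLength = %zu\n", acl_size(counts, 3));
    return 0;
}
```

On Windows, the value returned by acl_size corresponds to the nAclLength argument passed to InitializeAcl.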

Requirements

  Windows NT/2000: Requires Windows NT 3.1 or later.
  Header: Declared in Winbase.h; include Windows.h.
  Library: Use Advapi32.lib.

See Also

Low-Level Access-Control Overview, Low-Level Access Control Functions, ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE, ACL, AddAccessAllowedAce, AddAccessDeniedAce, AddAce, AddAuditAccessAce, DeleteAce, GetAce, GetAclInformation, IsValidAcl, SetAclInformation, SID