| Platform SDK: Access Control |
The AddAce function adds one or more ACEs to a specified ACL.
An ACE is an access-control entry. An ACL is an access-control list.
BOOL AddAce( PACL pAcl, // access-control list DWORD dwAceRevision, // ACL revision level DWORD dwStartingAceIndex, // index of ACE position in ACL LPVOID pAceList, // one or more ACEs DWORD nAceListLength // size of buffer for ACEs );
Windows NT 4.0 and earlier: This value must be ACL_REVISION.
Windows 2000: This value can be ACL_REVISION or ACL_REVISION_DS. Use ACL_REVISION_DS if the ACL contains object-specific ACEs.
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError. The following are possible error values.
| Error value | Description |
|---|---|
| ERROR_ALLOTTED_SPACE_EXCEEDED | The new ACE does not fit into the ACL. A larger ACL buffer is required. |
| ERROR_INVALID_ACL | The specified ACL is not properly formed. |
| ERROR_INVALID_SID | The specified SID is not structurally valid. |
| ERROR_REVISION_MISMATCH | The specified revision is not known or is incompatible with that of the ACL. |
| ERROR_SUCCESS | The ACE was successfully added. |
Applications frequently use the FindFirstFreeAce and GetAce functions when using the AddAce function to manipulate an ACL. In addition, the ACL_SIZE_INFORMATION structure retrieved by the GetAclInformation function contains the size of the ACL and the number of ACEs it contains.
Windows NT/2000: Requires Windows NT 3.1 or later.
Header: Declared in Winbase.h; include Windows.h.
Library: Use Advapi32.lib.
Low-Level Access-Control Overview, Low-Level Access Control Functions, ACL, ACL_SIZE_INFORMATION, AddAccessAllowedAce, AddAccessDeniedAce, AddAuditAccessAce, DeleteAce, FindFirstFreeAce, GetAce, GetAclInformation