Platform SDK: Access Control

SI_ACCESS

The SI_ACCESS structure contains information about an access right or default access mask for a securable object. The ISecurityInformation::GetAccessRights method uses this structure to specify information that the access control editor uses to initialize its property pages.

typedef struct _SI_ACCESS {
  const GUID *pguid;
  ACCESS_MASK mask;
  LPCWSTR     pszName;
  DWORD       dwFlags;
} SI_ACCESS, *PSI_ACCESS;

Members

pguid
Pointer to a GUID structure that identifies the type of object to which the access right or default access mask applies. The GUID can identify a property set or property on the object, or a type of child object that can be contained by the object.

If this member points to GUID_NULL, the access right applies to the object itself.

mask
A bit mask that specifies the access right described by this structure. The mask can contain any combination of standard and specific rights, but should not contain generic rights such as GENERIC_ALL.
pszName
Pointer to a null-terminated Unicode string containing a display string that describes the access right.

Alternatively, pszName can be a string resource identifier returned by the MAKEINTRESOURCE macro. Use the ISecurityInformation::GetObjectInformation method to identify the module that contains the string resource.

dwFlags
A set of bit flags that indicate where the access right is displayed. This member can be a combination of the following.
Value Meaning
SI_ACCESS_SPECIFIC If this flag is set, the access right is displayed on the advanced security pages.
SI_ACCESS_GENERAL If this flag is set, the access right is displayed on the basic security page.
SI_ACCESS_CONTAINER Indicates an access right that applies only to containers. If this flag is set, the access right is displayed on the basic security page only if the ISecurityInformation::GetObjectInformation method specifies the SI_CONTAINER flag.
SI_ACCESS_PROPERTY Indicates a property-specific access right. Used with SI_EDIT_PROPERTIES.

This member can also specify a combination of the following flags to indicate whether other containers or objects can inherit the access right.
Value Meaning
CONTAINER_INHERIT_ACE Other containers that are contained by the primary object inherit the entry.
INHERIT_ONLY_ACE The ACE does not apply to the primary object to which the ACL is attached, but objects contained by the primary object inherit the entry.
OBJECT_INHERIT_ACE Noncontainer objects contained by the primary object inherit the entry.

Requirements

  Windows NT/2000: Requires Windows 2000.
  Header: Declared in Aclui.h.

See Also

Access Control Editor Overview, Access Control Editor Structures, GUID, ISecurityInformation::GetAccessRights, ISecurityInformation::GetObjectInformation, MAKEINTRESOURCE