VB5, VB6 An ACE in Time ...
Public Sub AddAceToFile(ByVal xi_strFilePath As String, _
   ByVal xi_lngPermissions As Long, _
   ByVal xi_enmAccessLevel As ACCESS_MODE, _
   ByVal xi_strUserOrGroup As String)
Dim p_typAbsoluteSD As SECURITY_DESCRIPTOR
Dim p_typACL_Info As ACL_SIZE_INFORMATION
Dim p_typCurrentACE As ACCESS_ALLOWED_ACE
Dim p_abytUserSID() As Byte
Dim p_abytNewACL() As Byte
Dim p_abyCurrSecureDescBuf()As Byte
p_strUserName = xi_strUserOrGroup
If m_objGeneral.IsNTFS(xi_strFilePath) = False Then
   ' Raise an error
End If
LookupSID xi_strUserID:=p_strUserName, _
    xo_strDomainName:=p_strDomainName, _
    xo_abytUserSID:=p_abytUserSID()
p_typAbsoluteSD = InitSecurityDesc()
Get_FileSecurityInfoDACL xi_strFilePath:=_
   xi_strFilePath, _
   xo_bytSecurityDescrBuf:=p_abyCurrSecureDescBuf()
p_lngPtrCurrACL = _
   Get_DACL(xi_strFilePath:=xi_strFilePath, _
   xio_bytSecurityDescrBuf:=p_abyCurrSecureDescBuf)
p_typACL_Info = _
   Get_AclInfo(xi_lngCurrentACL:=p_lngPtrCurrACL)
p_blnIsDupe = _
   IsDupeACE(xi_strUserOrGroup:=xi_strUserOrGroup, _
   xi_strDomainName:=p_strDomainName, _
   xi_strFilePath:=xi_strFilePath)
If p_blnIsDupe = True Then
   p_lngNewACLSize = _
      Get_ACLSize(xi_typACL_Info:=p_typACL_Info, _
      xi_lngSizeNewAce:=0&, _
      xi_abytUserSID:=p_abytUserSID)
   ' Handle Error If p_lngNewACLSize <= 0
   ReDim p_abytNewACL(0 To p_lngNewACLSize)
   Init_Acl xo_abytNewACL:=p_abytNewACL, _
      xi_lngNewACLSize:=p_lngNewACLSize
   UpdateACEinACL xi_lngPtrCurrACL:=p_lngPtrCurrACL, _
      xi_strFilePath:=xi_strFilePath, _
      xi_lngAccessMask:=xi_lngPermissions, _
      xi_typNewSecurityDescr:=p_typAbsoluteSD, _
      xi_abytNewACL:=p_abytNewACL, _
      xi_abytUserSID:=p_abytUserSID, _
      xi_enmAccessLevel:=xi_enmAccessLevel
Else
   p_lngNewACLSize = _
      Get_ACLSize(xi_typACL_Info:=p_typACL_Info, _
      xi_lngSizeNewAce:=LenB(p_typCurrentACE), _
      xi_abytUserSID:=p_abytUserSID)
   ' Handle Error If p_lngNewACLSize <= 0
   ReDim p_abytNewACL(0 To p_lngNewACLSize)
   Init_Acl xo_abytNewACL:=p_abytNewACL, _
      xi_lngNewACLSize:=p_lngNewACLSize
   AddACEtoACL xi_lngPtrCurrACL:=p_lngPtrCurrACL, _
      xi_strFilePath:=xi_strFilePath, _
      xi_lngAccessMask:=xi_lngPermissions, _
      xi_typNewSecurityDescr:=p_typAbsoluteSD, _
      xi_abytNewACL:=p_abytNewACL, _
      xi_abytUserSID:=p_abytUserSID, _
      xi_enmAccessLevel:=xi_enmAccessLevel
End If
End Sub

Public Sub Get_FileSecurityInfoDACL(ByVal _
   xi_strFilePath As String, _
   ByRef xo_bytSecurityDescrBuf() As Byte)
p_lngLen = 0&
p_lngRtn = GetFileSecurityN(lpFileName:=xi_strFilePath, _
   RequestedInformation:=DACL_SECURITY_INFORMATION, _
   pSecurityDescriptor:=0&, nLength:=p_lngLen, _
   lpnLengthNeeded:=p_lngSizeNeeded)
ReDim xo_bytSecurityDescrBuf(0 To p_lngSizeNeeded)
p_lngLen = p_lngSizeNeeded
p_lngRtn = GetFileSecurity(lpFileName:=xi_strFilePath, _
   RequestedInformation:=DACL_SECURITY_INFORMATION, _
   pSecurityDescriptor:=xo_bytSecurityDescrBuf(0), _
   nLength:=p_lngLen, _
   lpnLengthNeeded:=p_lngSizeNeeded)
' Handle Error If p_lngRtn = 0
End Sub
Listing 2 Adding an ACE to the file's Security Descriptor is relatively complex, partly because you might have to deal with duplicate SIDs.