EXPLICIT_ACCESS  1_VUZYX 

[New - Windows NT]

The EXPLICIT_ACCESS structure specifies access-control information for a specified trustee. Access control functions, such as SetEntriesInAcl0LYB0G and GetExplicitEntriesFromAclD1E2UB, use this structure to describe the information in an access-control entry (ACELF6.T4) of an access-control list (ACLLM6.T4).

typedef struct _EXPLICIT_ACCESS { 

    DWORD        grfAccessPermissions;

    ACCESS_MODE  grfAccessMode;

    DWORD        grfInheritance;

    TRUSTEE      Trustee;

} EXPLICIT_ACCESS, *PEXPLICIT_ACCESS;

 

Members

grfAccessPermissions

A set of bit flags that use the ACCESS_MASKKD_.DN format to specify the access rights that an ACE allows, denies, or audits for the trustee. The functions that use the EXPLICIT_ACCESS structure do not convert, interpret, or validate the bits in this mask.

grfAccessMode

Specifies a value from the ACCESS_MODERCF2V enumeration. For a discretionary ACL (DACL), this flag indicates whether the ACL allows or denies the specified access rights. For a system ACL (SACL), this flag indicates whether the ACL generates audit messages for successful attempts to use the specified access rights, or failed attempts, or both. When modifying an existing ACL, you can specify the REVOKE_ACCESS flag to remove any existing ACEs for the specified trustee.

grfInheritance

A set of bit flags that determines whether other containers or objects can inherit the ACELF6.T4 from the primary object to which the ACLLM6.T4 is attached. The value of this member corresponds to the inheritance portion (low-order byte) of the AceFlags member of the ACE_HEADER1XDLO53 structure. This parameter can be NO_INHERITANCE to indicate that the ACE is not inheritable; or it can be a combination of the following values.

Value

Meaning

CONTAINER_INHERIT_ACE

 

 

Other containers that are contained by the primary object inherit the ACE.

INHERIT_ONLY_ACE

 

 

The ACE does not apply to the primary object to which the ACL is attached, but objects contained by the primary object inherit the ACE.

NO_PROPAGATE_INHERIT_ACE

 

 

The OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags are not propagated to an inherited ACE.

OBJECT_INHERIT_ACE

 

 

Noncontainer objects contained by the primary object inherit the ACE.

SUB_CONTAINERS_ONLY_INHERIT

 

 

Other containers that are contained by the primary object inherit the ACE. This flag corresponds to the CONTAINER_INHERIT_ACE flag.

SUB_OBJECTS_ONLY_INHERIT

 

 

Noncontainer objects contained by the primary object inherit the ACE. This flag corresponds to the OBJECT_INHERIT_ACE flag.

SUB_CONTAINERS_AND_OBJECTS_INHERIT

 

 

Both containers and noncontainer objects that are contained by the primary object inherit the ACE. This flag corresponds to the combination of the CONTAINER_INHERIT_ACE and OBJECT_INHERIT_ACE flags.

 

Trustee

A TRUSTEE structure that identifies the user, group, or program (such as a Windows NT service) to which the ACE applies.

 

See Also

ACCESS_MODE, ACE, ACE_HEADER, ACL, BuildExplicitAccessWithName, BuildSecurityDescriptor, GetExplicitEntriesFromAcl, LookupSecurityDescriptorParts, SetEntriesInAcl, TRUSTEE