ACE_HEADER
The ACE_HEADER
structure describes the type and size of an access-control entry (ACE).
typedef struct _ACE_HEADER { // acehdr
BYTE
AceType;
BYTE
AceFlags;
WORD
AceSize;
} ACE_HEADER;
Members
AceType
Specifies the
ACE type. This member can be one of the following values:
|
Value |
ACE type |
|
ACCESS_ALLOWED_ACE_TYPE |
Access-allowed
(defined by the ACCESS_ALLOWED_ACE structure) |
|
ACCESS_DENIED_ACE_TYPE |
Access-denied
(defined by the ACCESS_DENIED_ACE structure) |
|
SYSTEM_AUDIT_ACE_TYPE |
System-audit
(defined by the SYSTEM_AUDIT_ACE structure) |
System-alarm
ACEs are not supported in the current version of Windows NT. Applications
cannot use the SYSTEM_ALARM_ACE_TYPE value or SYSTEM_ALARM_ACE structure.
AceFlags
Specifies a
set of ACE type-specific control flags. This member can be a combination of the
following values:
|
Value |
Meaning |
|
CONTAINER_INHERIT_ACE |
|
|
|
The ACE is
inherited by container objects, such as directories. |
|
INHERIT_ONLY_ACE |
|
|
|
The ACE
does not apply to the container object, but to objects contained by it. |
|
NO_PROPAGATE_INHERIT_ACE |
|
|
|
The
OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE bits are not propagated to an
inherited ACE. |
|
OBJECT_INHERIT_ACE |
|
|
|
The ACE is
inherited by noncontainer objects, such as files created within the container
object to which the ACE is assigned. |
|
FAILED_ACCESS_ACE_FLAG |
|
|
|
Used with
system-audit and system-alarm ACEs to indicate a message is generated for
failed access attempts. |
|
SUCCESSFUL_ACCESS_ACE_FLAG |
|
|
|
Used with
system-audit and system-alarm ACEs to indicate a message is generated for
successful access attempts. |
AceSize
Specifies the
size, in bytes, of the ACE.
Remarks
An ACE
defines access to an object for a specific user or group or defines the types
of access that generate system-administration messages or alarms for a specific
user or group. The user or group is identified by a security identifier (SID).
See Also