GetEffectiveRightsFromAcl
[New
- Windows NT]
The GetEffectiveRightsFromAcl
function retrieves the effective access rights that an ACL allows for a specified trustee.
The trustee s effective access rights are the access rights that the ACL grants
to the trustee or to any groups of which the trustee is a member. The function
does not consider the security privileges held by the trustee in determining
the effective access rights.
DWORD GetEffectiveRightsFromAcl(
|
PACL pacl, |
// ACL to get trustee s rights from |
|
PTRUSTEE pTrustee, |
// trustee to get rights for |
|
PACCESS_MASK pAccessRights |
// receives trustee s access rights |
|
); |
|
Parameters
pacl
Pointer to an
ACL from which to get the trustee s effective access rights.
pTrustee
Pointer to a TRUSTEE structure that identifies
the trustee. A trustee can be a user, group, or program (such as a Windows NT
service). You can use a name or a security identifier (SID) to identify a trustee.
pAccessRights
Pointer to an
ACCESS_MASK
variable that receives the effective access rights of the trustee.
Return Values
If the
function succeeds, the return value is ERROR_SUCCESS.
If the
function fails, the return value is a nonzero error code defined in WINERROR.H.
Remarks
The GetEffectiveRightsFromAcl
function checks all access-allowed and access-denied ACEs in the ACL to
determine the effective rights for the trustee. For all ACEs that allow or deny
rights to a group, GetEffectiveRightsFromAcl enumerates the members of
the group to determine whether the trustee is a member. The function returns an
error if it cannot enumerate the members of a group.
See Also