|
Overview |
|
|
|
Group |
|
|
|
Quick Info
Windows NT
| Yes
| Win95
| No
| Win32s
| No
| Import Library
| -
| Header File
| winnt.h
| Unicode
| No
| Platform Notes
| None
|
|
|
ACL
The
ACL structure is the header of an access-control list (ACL). A complete ACL
consists of an
ACL structure followed by an ordered list of zero or more access-control entries
(ACEs).
typedef struct _ACL { // acl
BYTE AclRevision;
BYTE Sbz1;
WORD AclSize;
WORD AceCount;
WORD Sbz2;
} ACL;
Members
AclRevision
Specifies the ACL's revision level. This value should be ACL_REVISION. All
ACEs in an ACL must be at the same revision level.
Sbz1
Specifies a zero byte of padding that aligns the
AclRevision member on a 16-bit boundary.
AclSize
Specifies the size, in bytes, of the ACL. This value includes both the
ACL structure and all the ACEs.
AceCount
Specifies the number of ACEs stored in the ACL.
Sbz2
Specifies two zero bytes of padding that align the
ACL structure on a 32-bit boundary.
Remarks
An ACL includes a sequential list of zero or more ACEs. The individual ACEs in
an ACL are numbered from 0 to
n, where
n+1 is the number of ACEs in the ACL. When editing an ACL, an application
refers to an ACE within the ACL by its index.
There are two types of ACL: discretionary and system.
A discretionary ACL is controlled by the owner of an object or anyone granted
WRITE_DAC access to the object. It specifies the access particular users and
groups can have to an object. For example, the owner of a file can use a
discretionary ACL to control which users and groups can and cannot have access to the
file.
An object may also have system-level security information associated with it,
in the form of a system ACL controlled by a system administrator. A system ACL
can allow the system administrator to audit any attempts to gain access to an
object.
Three ACE structures are currently defined:
ACE structure
| Description
|
ACCESS_ALLOWED_ACE
| Grants specified rights to a user or group. This ACE is stored in a
discretionary ACL.
|
ACCESS_DENIED_ACE
| Denies specified rights to a user or group. This ACE is stored in a
discretionary ACL.
|
SYSTEM_AUDIT_ACE
| Specifies what types of access will cause system-level audits. This ACE is
stored in a system ACL.
|
A fourth ACE structure,
SYSTEM_ALARM_ACE, is not currently supported by Windows NT.
The
ACL structure is to be treated as though it were opaque and applications are not
to attempt to work with its members directly. To ensure that ACLs are
semantically correct, applications can use the functions listed in the
SeeAlso section to create and manipulate ACLs.
Each
ACL and
ACE structure begins on a doubleword boundary.
See Also
AddAce,
DeleteAce,
GetAclInformation,
GetSecurityDescriptorDacl,
GetSecurityDescriptorSacl,
InitializeAcl,
IsValidAcl,
SetAclInformation,
SetSecurityDescriptorDacl,
SetSecurityDescriptorSacl
- Software for developers
-
Delphi Components
.Net Components
Software for Android Developers
- More information resources
-
MegaDetailed.Net
Unix Manual Pages
Delphi Examples
- Databases for Amazon shops developers
-
Amazon Categories Database
Browse Nodes Database
