|
Overview |
|
|
|
Group |
|
|
|
Quick Info
Windows NT
| Yes
| Win95
| No
| Win32s
| No
| Import Library
| advapi32.lib
| Header File
| aclapi.h
| Unicode
| WinNT
| Platform Notes
| None
|
|
|
SetEntriesInAcl
[New - Windows NT]
The
SetEntriesInAcl function creates a new access-control list (ACL) by merging new
access-control or audit-control information into an existing
ACL.
DWORD SetEntriesInAcl(
ULONG cCountOfExplicitEntries,
| // number of entries in the list
|
PEXPLICIT_ACCESS pListOfExplicitEntries,
| // pointer to list of entries with new access data
|
PACL OldAcl,
| // pointer to the original ACL
|
PACL * NewAcl
| // receives a pointer to the new ACL
|
);
|
|
Parameters
cCountOfExplicitEntries
Specifies the number of
EXPLICIT_ACCESS structures in the
pListOfExplicitEntries array.
pListOfExplicitEntries
Pointer to an array of
EXPLICIT_ACCESS structures that describe the access control information to merge into the
existing ACL.
OldAcl
Pointer to the existing ACL. This parameter can be NULL, in which case, the
function creates a new ACL based on the
EXPLICIT_ACCESS entries.
NewAcl
Pointer to a variable that receives a pointer to the new ACL. If the function
succeeds, you must call the
LocalFree function to free the returned buffer.
Return Values
If the function succeeds, the return value is ERROR_SUCCESS.
If the function fails, the return value is a nonzero error code defined in
WINERROR.H.
Remarks
Each entry in the array of
EXPLICIT_ACCESS structures specifies access-control or audit-control information for a
specified trustee. A trustee can be a user, group, or other SID value, such as a
logon identifier or logon type (for instance, a Windows NT service or batch job).
You can use a name or a security identifier (
SID) to identify a trustee.
You can use the
SetEntriesInAcl function to modify the list of ACEs in a DACL or a SACL. A DACL controls
access to an object, and a SACL controls the system's auditing of attempts to
access to an object. Note that
SetEntriesInAcl does not prevent you from mixing access-control and audit-control information
in the same
ACL; however, the resulting ACL will contain meaningless entries.
For a DACL, the
grfAccessMode member of the
EXPLICIT_ACCESS structure specifies whether to allow, deny, or revoke access rights for the
trustee. This member can specify one of the following values from the
ACCESS_MODE enumeration.
Value
| Meaning
|
GRANT_ACCESS
| Creates a new access-allowed ACE that combines the specified rights with any
existing rights of the trustee. The new ACE replaces any existing access-allowed
ACE for the trustee. The function also modifies or deletes any existing
access-denied ACE for the trustee that denies the specified rights.
|
SET_ACCESS
| Similar to GRANT_ACCESS except that the new access-allowed ACE allows only the
specified rights, discarding any existing rights. This flag also removes any
existing access-denied ACE for the trustee.
|
DENY_ACCESS
| Creates a new access-denied ACE that replaces any existing access-denied ACE
for the trustee. The new ACE denies the specified rights in addition to any
currently denied rights of the trustee. The function also modifies or deletes any
existing access-allowed ACE for the trustee that allows the specified rights.
|
REVOKE_ACCESS
| Removes any existing ACEs for the specified trustee. The function ignores the
rights specified in the grfAccessPermissions member of the EXPLICIT_ACCESS structure.
|
The
SetEntriesInAcl function places any new access-denied ACEs at the beginning of the list of
ACEs for the new
ACL. It places any new access-allowed ACEs just before any existing
access-allowed ACEs.
For a SACL, the
grfAccessMode member of the
EXPLICIT_ACCESS structure can specify the following values.
Value
| Meaning
|
REVOKE_ACCESS
| Removes any existing ACEs for the specified trustee. The function ignores the
rights specified in the grfAccessPermissions member of the EXPLICIT_ACCESS structure.
|
SET_AUDIT_SUCCESS
| Creates a new system-audit ACE that replaces any existing system-audit ACE for
the trustee. The new ACE generates audit messages when the specified trustee
successfully uses the specified access rights. The new ACE combines the
specified rights with any existing audited access rights for the trustee. You can
combine this value with SET_AUDIT_FAILURE.
|
SET_AUDIT_FAILURE
| Creates a new system-audit ACE that replaces any existing system-audit ACE for
the trustee. The new ACE generates audit messages for failed attempts to use
the specified access rights. The new ACE combines the specified rights with any
existing audited access rights for the trustee. You can combine this value with
SET_AUDIT_SUCCESS.
|
The
SetEntriesInAcl function places any new system-audit ACEs at the beginning of the list of
ACEs for the new ACL.
See Also
ACCESS_ALLOWED_ACE,
ACCESS_DENIED_ACE,
ACL,
EXPLICIT_ACCESS,
LocalFree,
SYSTEM_AUDIT_ACE
- Software for developers
-
Delphi Components
.Net Components
Software for Android Developers
- More information resources
-
MegaDetailed.Net
Unix Manual Pages
Delphi Examples
- Databases for Amazon shops developers
-
Amazon Categories Database
Browse Nodes Database
