|
Working With ACLs and ACEs
Windows NT version 4.0 provides a new group of high-level access control
functions for working with access-control lists (ACLs) and security descriptors.
These functions make it easier to create new ACLs or to modify existing ACLs.
The SetEntriesInAcl function creates a new ACL. SetEntriesInAcl can specify a completely new set of ACEs for the ACL, or it can merge new
ACEs with the ACEs of an existing ACL. SetEntriesInAcl uses an array of EXPLICIT_ACCESS structures to specify the information for the new ACEs. Each EXPLICIT_ACCESS structure contains information that describes a single ACE. This information
includes the access rights, the type of ACE, the flags that control ACE
inheritance, and a TRUSTEE structure that identifies the trustee.
 To add a new ACE to an existing ACL
- Use the GetSecurityInfo or GetNamedSecurityInfo function to get the existing DACL or SACL from an object's security
descriptor.
- Use the BuildExplicitAccessWithName function to fill EXPLICIT_ACCESS structures with the information needed to describe each new ACE.
- Call SetEntriesInAcl, specifying the existing ACL and the array of EXPLICIT_ACCESS structures. SetEntriesInAcl allocates and initializes the ACL and its ACEs.
- Call the SetSecurityInfo or SetNamedSecurityInfo function to attach the new ACL to the object's security descriptor.
For an example that merges a new ACE into an existing ACL, see Allowing Access.
The SetEntriesInAcl function merges the new ACE information with the existing ACEs in the ACL.
Consider the case, for example, in which the existing ACL grants access to a
specified trustee and an EXPLICIT_ACCESS structure denies access to the same trustee. In this case, SetEntriesInAcl adds a new access-denied ACE for the trustee and deletes or modifies the
existing access-allowed ACE for the trustee.
The SetEntriesInAcl function ensures that ACEs are in the correct order in the new ACL. The
function positions all access-denied ACEs at the beginning of the ACL's list of
ACEs, ahead of any access-allowed ACEs.
The high-level access-control functions use the TRUSTEE structure to identify a trustee. This structure enables you to use a name
string or a SID to identify a trustee. If you use a name, the SetEntriesInAcl function performs the tasks of allocating the SID buffers and looking up the
SID that corresponds to the account name. There are two helper functions, BuildTrusteeWithSid and BuildTrusteeWithName, that initialize a TRUSTEE structure with a specified SID or name. Three other helper functions, GetTrusteeForm, GetTrusteeName, and GetTrusteeType, retrieve the values of the various members of a TRUSTEE structure.
| Last news from Greatis Software |
 |
|
Nostalgia .Net |
|
.Net is powerful, but not all-powerful, so sometimes we need to use Win32 API for our .Net applications. It's simple enough with Platform Invoke if you have Win32 skill, but we do not always have time to dig the ancient documentation, declare the special types that are compatible with Win32, find the values of the Win32's constants and so on. Nostalgia .Net offers several simple-to-use classes, and components that will allow you to forget about the headache of Win32 and just use the power of Win32 in your application the same way as you use the native. Net classes. More » |
| Recommended software for developers |
 |
|
Ultimate Pack |
|
Component pack for Delphi and C++ Builder that contains runtime form designer, runtime object inspector, print suite and much more for the very special price. More » |
 |
|
Form Designer .Net |
|
Unique runtime form design solution that allows to edit any form in .Net WinForms application at runtime with full source codes for only 300 euro! More » |
 |
|
Print Suite .Net |
|
Print Suite .Net is a set of components for easy printing texts, images and grids from your WinForms applications. Full C# source codes are available More » |
 |
|
Gradient Controls .Net |
|
Gradient Controls .Net offers controls with gradient background feature. Labels, panels and so on... Full C# source codes are available More » |
 |
|
Greatis iGrid |
|
iGrid plots drawing grid right over your desktop, so you can use it everywhere, with any drawing application without any special plugins for different graphic editors. More » |
All the contacts and projectsDmitry Vasiliev (just.dmitry)
Related LinksSoftware for Visual Studio .NET developers
Software for Delphi and C++ Builder developers
Software for Visual Basic 6 developers
Delphi Tips&Tricks
MegaDetailed.NET More Online Helps Win32 Programmer's Reference
Win32 Multimedia Programmer's Reference
OLE Programmer's Reference
Microsoft Windows Pen API Programmer's Reference
Microsoft Windows Sockets 2 Reference
Microsoft Windows Telephony API (TAPI) Programmer's Reference
Unix Manual Pages
|
