The GetExplicitEntriesFromAcl function retrieves an array of EXPLICIT_ACCESS structures that describe the access-control entries (ACEs) in an access-control list (ACL).
DWORD GetExplicitEntriesFromAcl(
|
PACL pacl, |
// pointer to the ACL from which to get entries |
|
PULONG pcCountOfExplicitEntries, |
// receives number of entries in the list |
|
PEXPLICIT_ACCESS * pListOfExplicitEntries |
// receives pointer to list of entries |
|
); |
If the function succeeds, the return value is ERROR_SUCCESS.
If the function fails, the return value is a nonzero error code defined in WINERROR.H.
Each entry in the array of EXPLICIT_ACCESS structures describes access control information from an ACE for a trustee. A trustee can be a user, group, or program (such as a Windows NT service).
Each EXPLICIT_ACCESS structure specifies a set of access rights and an access mode flag that indicates whether the ACE allows, denies, or audits the specified rights.
For a discretionary ACL (DACL), the access mode flag can be one of the following values from the ACCESS_MODE enumeration.
|
Value |
Meaning |
|
SET_ACCESS |
Indicates that an access-allowed ACE for the trustee allows the specified access rights. |
|
DENY_ACCESS |
Indicates that an access-denied ACE for the trustee denies the specified access rights. |
For a system ACL (SACL), the access mode flag can be a combination of the following values from the ACCESS_MODE enumeration.
|
Value |
Meaning |
|
SET_AUDIT_SUCCESS |
Indicates that a system-audit ACE for the trustee generates audit messages for successful attempts to use the specified access rights. |
|
SET_AUDIT_FAILURE |
Indicates that a system-audit ACE for the trustee generates audit messages for failed attempts to use the specified access rights. |
ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE, ACE, ACL, EXPLICIT_ACCESS, LocalFree, SYSTEM_AUDIT_ACE