The GetEffectiveRightsFromAcl function retrieves the effective access rights that an ACL allows for a specified trustee. The trustee’s effective access rights are the access rights that the ACL grants to the trustee or to any groups of which the trustee is a member. The function does not consider the security privileges held by the trustee in determining the effective access rights.
DWORD GetEffectiveRightsFromAcl(
    PACL pacl,                  // ACL to get trustee’s rights from
    PTRUSTEE pTrustee,          // trustee to get rights for
    PACCESS_MASK pAccessRights  // receives trustee’s access rights
);
If the function succeeds, the return value is ERROR_SUCCESS.
If the function fails, the return value is a nonzero error code defined in WINERROR.H.
The GetEffectiveRightsFromAcl function checks all access-allowed and access-denied ACEs in the ACL to determine the effective rights for the trustee. For all ACEs that allow or deny rights to a group, GetEffectiveRightsFromAcl enumerates the members of the group to determine whether the trustee is a member. The function returns an error if it cannot enumerate the members of a group.
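The evaluation described above can be shown with a small portable model. This is an added example, not code from the original page and not the Windows implementation; it shows how a deny ACE on one of the trustee's groups removes rights that other ACEs would grant. Assumptions: plain names stand in for SIDs, the group table, right bits and sample ACL are constructed, and ACEs are applied in list order as Windows access checks do.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model types, constructed for this example (not the Win32 structs). */
typedef enum { ACE_ALLOW, ACE_DENY } ace_type;
typedef struct { ace_type type; const char *trustee; uint32_t mask; } model_ace;
typedef struct { const char *group; const char *member; } membership;

#define R_READ   0x1u   /* hypothetical right bits */
#define R_WRITE  0x2u
#define R_DELETE 0x4u

/* Constructed group table; the real function enumerates group members itself. */
static const membership GROUPS[] = {
    { "Staff", "alice" }, { "Staff", "bob" }, { "Contractors", "bob" },
};

/* True if the ACE names the trustee directly or a group containing the trustee. */
static int ace_applies(const model_ace *ace, const char *trustee) {
    if (strcmp(ace->trustee, trustee) == 0) return 1;
    for (size_t i = 0; i < sizeof GROUPS / sizeof GROUPS[0]; i++)
        if (strcmp(GROUPS[i].group, ace->trustee) == 0 &&
            strcmp(GROUPS[i].member, trustee) == 0) return 1;
    return 0;
}

/* Walk the ACEs in order: a deny ACE blocks bits not yet granted, an allow
   ACE grants bits not yet denied. Privileges are never consulted. */
uint32_t effective_rights(const model_ace *acl, size_t n, const char *trustee) {
    uint32_t granted = 0, denied = 0;
    for (size_t i = 0; i < n; i++) {
        if (!ace_applies(&acl[i], trustee)) continue;
        if (acl[i].type == ACE_DENY) denied  |= acl[i].mask & ~granted;
        else                         granted |= acl[i].mask & ~denied;
    }
    return granted;
}

/* Constructed sample ACL with deny entries first. */
static const model_ace SAMPLE_ACL[] = {
    { ACE_DENY,  "Contractors", R_WRITE | R_DELETE },
    { ACE_ALLOW, "Staff",       R_READ | R_WRITE },
    { ACE_ALLOW, "bob",         R_DELETE },
};
#define SAMPLE_LEN (sizeof SAMPLE_ACL / sizeof SAMPLE_ACL[0])

int main(void) {
    const char *who[] = { "alice", "bob", "carol" };
    for (int i = 0; i < 3; i++)
        printf("%-5s 0x%x\n", who[i],
               (unsigned)effective_rights(SAMPLE_ACL, SAMPLE_LEN, who[i]));
    return 0;
}
```

In this model bob ends up with read access only: the deny on Contractors overrides both the Staff write grant and his own delete grant, which is the kind of result worth checking before assuming a direct allow ACE is effective.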
See also: ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE, ACCESS_MASK, ACE, GetAuditedPermissionsFromAcl, SID, TRUSTEE