ACTRL_ACCESS_ENTRY info  Overview  Group

[This is a preview of an interface that may appear in future releases of Windows.]

The ACTRL_ACCESS_ENTRY structure contains access-control information for a specified trustee. This structure stores information equivalent to the access-control information stored in an ACE.

typedef struct _ACTRL_ACCESS_ENTRY {

    TRUSTEE         Trustee;

    ULONG           fAccessFlags;

    ACCESS_RIGHTS   Access;

    ACCESS_RIGHTS   ProvSpecificAccess;

    INHERIT_FLAGS   Inheritance;

    LPCTSTR         lpInheritProperty;

} ACTRL_ACCESS_ENTRY;

 

Members

Trustee

A TRUSTEE structure that identifies the user, group, or program (such as a Windows NT service) to which the access-control entry applies.

fAccessFlags

Indicates how the access rights specified by the Access and ProvSpecificAccess members apply to the trustee. This member can be one of the following values.

Value	Meaning
ACTRL_ACCESS_ALLOWED	The rights are allowed.
ACTRL_ACCESS_DENIED	The rights are denied.
ACTRL_AUDIT_FAILURE	The system generates audit messages for failed attempts to use the rights.
ACTRL_AUDIT_SUCCESS	The system generates audit messages for successful attempts to use the rights.

Access

A bit mask that specifies the access rights that the entry allows, denies, or audits for the trustee. This member must use the provider-independent access flags, such as ACTRL_READ_CONTROL, rather than the Windows NT-specific access flags, such as READ_CONTROL. The provider for the object type converts these provider-independent flags to the corresponding provider-specific flags.

For mappings of the Windows NT-specific access flags for the various object types to the corresponding provider-independent access flags, see Provider Independent Access Rights.

ProvSpecificAccess

A bit mask that specifies access rights specific to the provider type. The functions that use the ACTRL_ACCESS_ENTRY structure pass these bits on to the provider without interpreting them. In most cases, this value should be zero.

Inheritance

A set of bit flags that determines whether other containers or objects can inherit the access-control entry from the primary object to which the access list is attached. This parameter can be NO_INHERITANCE to indicate that the access-control entry is not inheritable, or it can be a combination of the following values.

Value	Meaning
CONTAINER_INHERIT_ACE
	Other containers that are contained by the primary object inherit the entry.
INHERIT_ONLY_ACE
	The ACE does not apply to the primary object to which the ACL is attached, but objects contained by the primary object inherit the entry.
NO_PROPAGATE_INHERIT_ACE
	The OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags are not propagated to an inherited entry.
OBJECT_INHERIT_ACE
	Noncontainer objects contained by the primary object inherit the entry.
SUB_CONTAINERS_ONLY_INHERIT
	Other containers that are contained by the primary object inherit the entry. This flag corresponds to the CONTAINER_INHERIT_ACE flag.
SUB_OBJECTS_ONLY_INHERIT
	Noncontainer objects contained by the primary object inherit the entry. This flag corresponds to the OBJECT_INHERIT_ACE flag.
SUB_CONTAINERS_AND_OBJECTS_INHERIT
	Both containers and noncontainer objects that are contained by the primary object inherit the entry. This flag corresponds to the combination of the CONTAINER_INHERIT_ACE and OBJECT_INHERIT_ACE flags.

lpInheritProperty

Pointer to a null-terminated string that identifies the object types that can inherit the entry.

See Also

TRUSTEE