The ACE_HEADER structure describes the type and size of an access-control entry (ACE).
typedef struct _ACE_HEADER { // acehdr
BYTE AceType;
BYTE AceFlags;
WORD AceSize;
} ACE_HEADER;
|
Value |
ACE type |
|
ACCESS_ALLOWED_ACE_TYPE |
Access-allowed (defined by the ACCESS_ALLOWED_ACE structure) |
|
ACCESS_DENIED_ACE_TYPE |
Access-denied (defined by the ACCESS_DENIED_ACE structure) |
|
SYSTEM_AUDIT_ACE_TYPE |
System-audit (defined by the SYSTEM_AUDIT_ACE structure) |
System-alarm ACEs are not supported in the current version of Windows NT.
Applications cannot use the SYSTEM_ALARM_ACE_TYPE value or SYSTEM_ALARM_ACE
structure.
|
Value |
Meaning |
|
CONTAINER_INHERIT_ACE | |
|
The ACE is inherited by container objects, such as directories. | |
|
INHERIT_ONLY_ACE | |
|
The ACE does not apply to the container object, but to objects contained by it. | |
|
NO_PROPAGATE_INHERIT_ACE | |
|
The OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE bits are not propagated to an inherited ACE. | |
|
OBJECT_INHERIT_ACE | |
|
The ACE is inherited by noncontainer objects, such as files created within the container object to which the ACE is assigned. | |
|
FAILED_ACCESS_ACE_FLAG | |
|
Used with system-audit and system-alarm ACEs to indicate a message is generated for failed access attempts. | |
|
SUCCESSFUL_ACCESS_ACE_FLAG | |
|
Used with system-audit and system-alarm ACEs to indicate a message is generated for successful access attempts. |
An ACE defines access to an object for a specific user or group or defines the types of access that generate system-administration messages or alarms for a specific user or group. The user or group is identified by a security identifier (SID).
ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE, ACL, SYSTEM_ALARM_ACE, SYSTEM_AUDIT_ACE