please dont rip this site Prev Next

SetEntriesInAcl info  Overview  Group

The SetEntriesInAcl function creates a new access-control list (ACL) by merging new access-control or audit-control information into an existing ACL.

DWORD SetEntriesInAcl(

    ULONG  cCountOfExplicitEntries,

// number of entries in the list

    PEXPLICIT_ACCESS  pListOfExplicitEntries,

// pointer to list of entries with new access data

    PACL  OldAcl,

// pointer to the original ACL

    PACL  * NewAcl

// receives a pointer to the new ACL

   );

Parameters

cCountOfExplicitEntries
Specifies the number of EXPLICIT_ACCESS structures in the pListOfExplicitEntries array.
pListOfExplicitEntries
Pointer to an array of EXPLICIT_ACCESS structures that describe the access control information to merge into the existing ACL.
OldAcl
Pointer to the existing ACL. This parameter can be NULL, in which case, the function creates a new ACL based on the EXPLICIT_ACCESS entries.
NewAcl
Pointer to a variable that receives a pointer to the new ACL. If the function succeeds, you must call the LocalFree function to free the returned buffer.

Return Values

If the function succeeds, the return value is ERROR_SUCCESS.

If the function fails, the return value is a nonzero error code defined in WINERROR.H.

Remarks

Each entry in the array of EXPLICIT_ACCESS structures specifies access-control or audit-control information for a specified trustee. A trustee can be a user, group, or other SID value, such as a logon identifier or logon type (for instance, a Windows NT service or batch job). You can use a name or a security identifier (SID) to identify a trustee.

You can use the SetEntriesInAcl function to modify the list of ACEs in a DACL or a SACL. A DACL controls access to an object, and a SACL controls the system’s auditing of attempts to access to an object. Note that SetEntriesInAcl does not prevent you from mixing access-control and audit-control information in the same ACL; however, the resulting ACL will contain meaningless entries.

For a DACL, the grfAccessMode member of the EXPLICIT_ACCESS structure specifies whether to allow, deny, or revoke access rights for the trustee. This member can specify one of the following values from the ACCESS_MODE enumeration.

Value

Meaning

GRANT_ACCESS

Creates a new access-allowed ACE that combines the specified rights with any existing rights of the trustee. The new ACE replaces any existing access-allowed ACE for the trustee. The function also modifies or deletes any existing access-denied ACE for the trustee that denies the specified rights.

SET_ACCESS

Similar to GRANT_ACCESS except that the new access-allowed ACE allows only the specified rights, discarding any existing rights. This flag also removes any existing access-denied ACE for the trustee.

DENY_ACCESS

Creates a new access-denied ACE that replaces any existing access-denied ACE for the trustee. The new ACE denies the specified rights in addition to any currently denied rights of the trustee. The function also modifies or deletes any existing access-allowed ACE for the trustee that allows the specified rights.

REVOKE_ACCESS

Removes any existing ACEs for the specified trustee. The function ignores the rights specified in the grfAccessPermissions member of the EXPLICIT_ACCESS structure.

The SetEntriesInAcl function places any new access-denied ACEs at the beginning of the list of ACEs for the new ACL. It places any new access-allowed ACEs just before any existing access-allowed ACEs.

For a SACL, the grfAccessMode member of the EXPLICIT_ACCESS structure can specify the following values.

Value

Meaning

REVOKE_ACCESS

Removes any existing ACEs for the specified trustee. The function ignores the rights specified in the grfAccessPermissions member of the EXPLICIT_ACCESS structure.

SET_AUDIT_SUCCESS

Creates a new system-audit ACE that replaces any existing system-audit ACE for the trustee. The new ACE generates audit messages when the specified trustee successfully uses the specified access rights. The new ACE combines the specified rights with any existing audited access rights for the trustee. You can combine this value with SET_AUDIT_FAILURE.

SET_AUDIT_FAILURE

Creates a new system-audit ACE that replaces any existing system-audit ACE for the trustee. The new ACE generates audit messages for failed attempts to use the specified access rights. The new ACE combines the specified rights with any existing audited access rights for the trustee. You can combine this value with SET_AUDIT_SUCCESS.

The SetEntriesInAcl function places any new system-audit ACEs at the beginning of the list of ACEs for the new ACL.

See Also

ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE, ACL, EXPLICIT_ACCESS, LocalFree, SYSTEM_AUDIT_ACE

file: /Techref/os/win/api/win32/func/src/f78_12.htm, 8KB, , updated: 2000/4/7 11:19, local time: 2024/11/5 15:23,
TOP NEW HELP FIND: 
3.15.189.227:LOG IN
©2024 PLEASE DON'T RIP! THIS SITE CLOSES OCT 28, 2024 SO LONG AND THANKS FOR ALL THE FISH!
 ©2024 These pages are served without commercial sponsorship. (No popup ads, etc...).Bandwidth abuse increases hosting cost forcing sponsorship or shutdown. This server aggressively defends against automated copying for any reason including offline viewing, duplication, etc... Please respect this requirement and DO NOT RIP THIS SITE. Questions?
Please DO link to this page! Digg it! / MAKE!

<A HREF="http://linistepper.com/techref/os/win/api/win32/func/src/f78_12.htm"> SetEntriesInAcl</A>
After you find an appropriate page, you are invited to your to this massmind site! (posts will be visible only to you before review) Just type a nice message (short messages are blocked as spam) in the box and press the Post button. (HTML welcomed, but not the <A tag: Instead, use the link box to link to another page. A tutorial is available Members can login to post directly, become page editors, and be credited for their posts.


Link? Put it here: 
if you want a response, please enter your email address: 
Attn spammers: All posts are reviewed before being made visible to anyone other than the poster.
Did you find what you needed?