2.2.2.21.3.2 NewVersionComponentDACL
The NewVersionComponentDACL type represents a DACL in a component-related security descriptor that uses the more granular component access constants to specify rights in each of its ACEs.
A field of this type MUST be an ACL as specified in [MS-DTYP] section 2.4.5. Furthermore, the following restrictions apply to the Ace fields:
Each Ace field SHOULD be a NewVersionComponentAccessAllowedACE (section 2.2.2.21.2.2) or NewVersionComponentAccessDeniedACE (section 2.2.2.21.2.4).
Each Ace field MUST NOT be an OldVersionComponentAccessAllowedACE (section 2.2.2.21.2.1) or OldVersionComponentAccessDeniedACE (section 2.2.2.21.2.3).
Other ACE types are not meaningful and SHOULD NOT be present.