RtlAddAccessAllowedAceEx function (ntifs.h)

The RtlAddAccessAllowedAceEx routine adds an access-allowed access control entry (ACE ) with inheritance ACE flags to an access control list (ACL). The access is granted to the specified security identifier (SID).

Syntax

NTSYSAPI NTSTATUS RtlAddAccessAllowedAceEx(
  [in, out] PACL        Acl,
  [in]      ULONG       AceRevision,
  [in]      ULONG       AceFlags,
  [in]      ACCESS_MASK AccessMask,
  [in]      PSID        Sid
);

Parameters

[in, out] Acl

A pointer to a caller-allocated buffer that contains the ACL to be modified. RtlAddAccessAllowedAceEx adds an access-allowed ACE to the end of this ACL. The ACE is in the form of an ACCESS_ALLOWED_ACE structure.

[in] AceRevision

ACL revision level of the ACE to be added. This value can be ACL_REVISION or ACL_REVISION_DS. It must be ACL_REVISION_DS if the ACL contains an object-specific ACE.

[in] AceFlags

Bitmask specifying the inherit flags of the ACE to be added.

[in] AccessMask

A bitmask of one or more ACCESS_MASK flags that specify the access rights to be granted to the specified SID. For more information, see the description of the DesiredAccess parameter of ZwCreateFile.

[in] Sid

A pointer to the SID structure that represents a user, group, or logon account that is being granted access.

Return value

RtlAddAccessAllowedAceEx can return one of the following values:

Return code	Description
STATUS_SUCCESS	The ACE was successfully added.
STATUS_ALLOTTED_SPACE_EXCEEDED	A new ACE does not fit into the ACL. A larger ACL buffer is required. For more information about how to calculate the size of an ACL, see RtlCreateAcl.
STATUS_INVALID_ACL	The specified ACL is not correctly formed.
STATUS_INVALID_PARAMETER	The AceFlags parameter was invalid.
STATUS_INVALID_SID	The specified SID structure is not structurally valid.
STATUS_REVISION_MISMATCH	The specified AceRevision is not known or is not compatible with that of the ACL.

Remarks

Unlike RtlAddAccessAllowedAce, this routine sets the inheritance ACE flags.

For more information about security and access control, see Windows security model for driver developers and the documentation on these topics in the Windows SDK, such as:

• Access Control Lists

• Creating or Modifying an ACL

• Getting Information from an ACL

Requirements

Requirement	Value
Minimum supported client	Windows 2000
Target Platform	Universal
Header	ntifs.h (include Ntifs.h, FltKernel.h)
Library	NtosKrnl.lib
DLL	NtosKrnl.exe
IRQL	<= APC_LEVEL

See also

ACCESS_ALLOWED_ACE

ACCESS_MASK

ACE

ACL

RtlCreateAcl

RtlCreateSecurityDescriptor

RtlCreateSecurityDescriptorRelative

RtlLengthSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlSetOwnerSecurityDescriptor

RtlValidSecurityDescriptor

SID

SeAssignSecurity

ZwCreateFile