RtlAddAce function (ntifs.h)

The RtlAddAce routine adds one or more access control entries (ACEs) to a specified access control list (ACL).

Syntax

NTSYSAPI NTSTATUS RtlAddAce(
  [in, out] PACL  Acl,
  [in]      ULONG AceRevision,
  [in]      ULONG StartingAceIndex,
  [in]      PVOID AceList,
  [in]      ULONG AceListLength
);

Parameters

[in, out] Acl

Pointer to the ACL to be modified. RtlAddAce adds the specified ACEs to this ACL.

[in] AceRevision

ACL revision level of the ACE to be added. Windows version requirements are the following:

Value Meaning
ACL_REVISION The revision level valid on all Windows versions.
ACL_REVISION_DS The revision level valid starting with Windows 2000.

AceRevision must be ACL_REVISION_DS if the ACL in Acl contains an object-specific ACE.

[in] StartingAceIndex

Specifies the position in the ACL's list of ACEs at which to add new ACEs. A value of zero inserts the ACEs at the beginning of the list. A value of MAXULONG appends the ACEs to the end of the list.

[in] AceList

Pointer to a buffer containing a list of one or more ACEs to be added to the specified ACL. The ACEs in the list must be stored contiguously.

[in] AceListLength

Size, in bytes, of the input buffer pointed to by the AceList parameter.

Return value

RtlAddAce returns STATUS_SUCCESS or an appropriate NTSTATUS value such as one of the following:

Return code Description
STATUS_BUFFER_TOO_SMALL The new ACEs do not fit into the ACL. A larger ACL buffer is required. STATUS_BUFFER_TOO_SMALL is an error code.
STATUS_INVALID_PARAMETER One of the parameter values was invalid. Possible reasons include that the specified ACL is invalid or the specified revision is unknown, is not compatible with revisions in the ACE list, or is not compatible with the revision of the ACL. STATUS_INVALID_PARAMETER is an error code.

Remarks

For information about calculating the size of an ACL, see the Remarks section of the reference entry for RtlCreateAcl.

To obtain a pointer to an ACE in an ACL, use RtlGetAce.

To delete an ACE from an ACL, use RtlDeleteAce.

To add an access-allowed ACE to an ACL, use RtlAddAccessAllowedAce.

For more information about security and access control, see Windows security model for driver developers and the documentation on these topics in the Windows SDK.

Requirements

Requirement Value
Minimum supported client Windows Server 2003 with SP1
Target Platform Universal
Header ntifs.h (include Ntifs.h)
Library NtosKrnl.lib
DLL NtosKrnl.exe (kernel mode); Ntdll.dll (user mode)
IRQL <= APC_LEVEL

See also

ACE

ACL

RtlAddAccessAllowedAce

RtlCreateAcl

RtlDeleteAce

RtlGetAce