2.4.4.2 ACCESS_ALLOWED_ACE
The ACCESS_ALLOWED_ACE structure defines an ACE for the discretionary access control list (DACL) that controls access to an object. An access-allowed ACE allows access to an object for a specific trustee identified by a security identifier (SID).
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Header |
|||||||||||||||||||||||||||||||
|
Mask |
|||||||||||||||||||||||||||||||
|
Sid (variable) |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
Header (4 bytes): An ACE_HEADER structure that specifies the size and type of ACE. It also contains flags that control inheritance of the ACE by child objects.
Mask (4 bytes): An ACCESS_MASK that specifies the user rights allowed by this ACE.
Sid (variable): The SID of a trustee. The length of the SID MUST be a multiple of 4.