Compartilhar via


CDacl Class

This class is a wrapper for a DACL (discretionary access-control list) structure.

Important

This class and its members cannot be used in applications that execute in the Windows Runtime.

class CDacl : public CAcl

Members

Public Constructors

Name

Description

CDacl::CDacl

The constructor.

CDacl::~CDacl

The destructor.

Public Methods

Name

Description

CDacl::AddAllowedAce

Adds an allowed ACE (access-control entry) to the CDacl object.

CDacl::AddDeniedAce

Adds a denied ACE to the CDacl object.

CDacl::GetAceCount

Returns the number of ACEs (access-control entries) in the CDacl object.

CDacl::RemoveAce

Removes a specific ACE (access-control entry) from the CDacl object.

CDacl::RemoveAllAces

Removes all of the ACEs contained in the CDacl object.

Public Operators

Name

Description

CDacl::operator =

Assignment operator.

Remarks

An object's security descriptor can contain a DACL. A DACL contains zero or more ACEs (access-control entries) that identify the users and groups who can access the object. If a DACL is empty (that is, it contains zero ACEs), no access is explicitly granted, so access is implicitly denied. However, if an object's security descriptor does not have a DACL, the object is unprotected and everyone has complete access.

To retrieve an object's DACL, you must be the object's owner or have READ_CONTROL access to the object. To change an object's DACL, you must have WRITE_DAC access to the object.

Use the class methods provided to create, add, remove, and delete ACEs from the CDacl object. See also AtlGetDacl and AtlSetDacl.

For an introduction to the access control model in Windows, see Access Control in the Windows SDK.

Inheritance Hierarchy

CAcl

CDacl

Requirements

Header: atlsecurity.h

See Also

Reference

CAcl Class

ACLs

ACEs

Concepts

Security Sample

Other Resources

ATL Class Overview

Security Global Functions