Compartilhar via


CAcl Class

This class is a wrapper for an ACL (access-control list) structure.

Important

This class and its members cannot be used in applications that execute in the Windows Runtime.

class CAcl

Members

Public Typedefs

Name

Description

CAcl::CAccessMaskArray

An array of ACCESS_MASKs.

CAcl::CAceFlagArray

An array of BYTEs.

CAcl::CAceTypeArray

An array of BYTEs.

Public Constructors

Name

Description

CAcl::CAcl

The constructor.

CAcl::~CAcl

The destructor.

Public Methods

Name

Description

CAcl::GetAceCount

Returns the number of access-control entry (ACE) objects.

CAcl::GetAclEntries

Retrieves the access-control list (ACL) entries from the CAcl object.

CAcl::GetAclEntry

Retrieves all of the information about an entry in a CAcl object.

CAcl::GetLength

Returns the length of the ACL.

CAcl::GetPACL

Returns a PACL (pointer to an ACL).

CAcl::IsEmpty

Tests the CAcl object for entries.

CAcl::IsNull

Returns the status of the CAcl object.

CAcl::RemoveAce

Removes a specific ACE (access-control entry) from the CAcl object.

CAcl::RemoveAces

Removes all ACEs (access-control entries) from the CAcl that apply to the given CSid.

CAcl::SetEmpty

Marks the CAcl object as empty.

CAcl::SetNull

Marks the CAcl object as NULL.

Public Operators

Name

Description

CAcl::operator const ACL *

Casts a CAcl object to an ACL structure.

CAcl::operator =

Assignment operator.

Remarks

The ACL structure is the header of an ACL (access-control list). An ACL includes a sequential list of zero or more ACEs (access-control entries). The individual ACEs in an ACL are numbered from 0 to n-1, where n is the number of ACEs in the ACL. When editing an ACL, an application refers to an access-control entry (ACE) within the ACL by its index.

There are two ACL types:

  • Discretionary

  • System

A discretionary ACL is controlled by the owner of an object or anyone granted WRITE_DAC access to the object. It specifies the access particular users and groups can have to an object. For example, the owner of a file can use a discretionary ACL to control which users and groups can and cannot have access to the file.

An object can also have system-level security information associated with it, in the form of a system ACL controlled by a system administrator. A system ACL can allow the system administrator to audit any attempts to gain access to an object.

For more details, see the ACL discussion in the Windows SDK.

For an introduction to the access control model in Windows, see Access Control in the Windows SDK.

Requirements

Header: atlsecurity.h

See Also

Other Resources

ATL Class Overview

Security Global Functions