CDacl::AddDeniedAce

Adds a denied ACE (access-control entry) to the CDacl object.

bool AddDeniedAce( 
   const CSid & rSid, 
   ACCESS_MASK AccessMask, 
   BYTE AceFlags = 0 
) throw(...); 
bool AddDeniedAce( 
   const CSid & rSid, 
   ACCESS_MASK AccessMask, 
   BYTE AceFlags, 
   const GUID * pObjectType, 
   const GUID * pInheritedObjectType  
) throw(...);

Parameters

  • rSid
    A CSid object.

  • AccessMask
    Specifies the mask of access rights to be denied for the specified CSid object.

  • AceFlags
    A set of bit flags that control ACE inheritance. Defaults to 0 in the first form of the method.

  • pObjectType
    The object type.

  • pInheritedObjectType
    The inherited object type.

Return Value

Returns true if the ACE is added to the CDacl object, false on failure.

Remarks

A CDacl object contains zero or more ACEs (access-control entries) that identify the users and groups who can access the object. This method adds an ACE that denies access to the CDacl object.

Note

The second form of AddDeniedAce is only available on Windows 2000 and later.

See ACE_HEADER for a description of the various flags which can be set in the AceFlags parameter.

Requirements

Header: atlsecurity.h

See Also

Reference

CDacl Class

CDacl::AddAllowedAce

CDacl::RemoveAllAces

ACCESS_MASK