2.4.4.1 ACE_HEADER

The ACE_HEADER structure defines the type and size of an access control entry (ACE).


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

AceType

AceFlags

AceSize

AceType (1 byte): An unsigned 8-bit integer that specifies the ACE types. This field MUST be one of the following values.

Value

Meaning

ACCESS_ALLOWED_ACE_TYPE

0x00

Access-allowed ACE that uses the ACCESS_ALLOWED_ACE (section 2.4.4.2) structure.

ACCESS_DENIED_ACE_TYPE

0x01

Access-denied ACE that uses the ACCESS_DENIED_ACE (section 2.4.4.4) structure.

SYSTEM_AUDIT_ACE_TYPE

0x02

System-audit ACE that uses the SYSTEM_AUDIT_ACE (section 2.4.4.10) structure.

SYSTEM_ALARM_ACE_TYPE

0x03

Reserved for future use.

ACCESS_ALLOWED_COMPOUND_ACE_TYPE

0x04

Reserved for future use.

ACCESS_ALLOWED_OBJECT_ACE_TYPE

0x05

Object-specific access-allowed ACE that uses the ACCESS_ALLOWED_OBJECT_ACE (section 2.4.4.3) structure.<45>

ACCESS_DENIED_OBJECT_ACE_TYPE

0x06

Object-specific access-denied ACE that uses the ACCESS_DENIED_OBJECT_ACE (section 2.4.4.5) structure.<46>

SYSTEM_AUDIT_OBJECT_ACE_TYPE

0x07

Object-specific system-audit ACE that uses the SYSTEM_AUDIT_OBJECT_ACE (section 2.4.4.11) structure.<47>

SYSTEM_ALARM_OBJECT_ACE_TYPE

0x08

Reserved for future use.

ACCESS_ALLOWED_CALLBACK_ACE_TYPE

0x09

Access-allowed callback ACE that uses the ACCESS_ALLOWED_CALLBACK_ACE (section 2.4.4.6) structure.<48>

ACCESS_DENIED_CALLBACK_ACE_TYPE

0x0A

Access-denied callback ACE that uses the ACCESS_DENIED_CALLBACK_ACE (section 2.4.4.7) structure.<49>

ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE

0x0B

Object-specific access-allowed callback ACE that uses the ACCESS_ALLOWED_CALLBACK_OBJECT_ACE (section 2.4.4.8) structure.<50>

ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE

0x0C

Object-specific access-denied callback ACE that uses the ACCESS_DENIED_CALLBACK_OBJECT_ACE (section 2.4.4.9) structure.<51>

SYSTEM_AUDIT_CALLBACK_ACE_TYPE

0x0D

System-audit callback ACE that uses the SYSTEM_AUDIT_CALLBACK_ACE (section 2.4.4.12) structure.<52>

SYSTEM_ALARM_CALLBACK_ACE_TYPE

0x0E

Reserved for future use.

SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE

0x0F

Object-specific system-audit callback ACE that uses the SYSTEM_AUDIT_CALLBACK_OBJECT_ACE (section 2.4.4.14) structure.

SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE

0x10

Reserved for future use.

SYSTEM_MANDATORY_LABEL_ACE_TYPE

0x11

Mandatory label ACE that uses the SYSTEM_MANDATORY_LABEL_ACE (section 2.4.4.13) structure.

SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE

0x12

Resource attribute ACE that uses the SYSTEM_RESOURCE_ATTRIBUTE_ACE (section 2.4.4.15)

SYSTEM_SCOPED_POLICY_ID_ACE_TYPE

0x13

A central policy ID ACE that uses the SYSTEM_SCOPED_POLICY_ID_ACE (section 2.4.4.16)

The term "callback" in this context does not relate to RPC call backs. <53>

AceFlags (1 byte): An unsigned 8-bit integer that specifies a set of ACE type-specific control flags. This field can be a combination of the following values.

Value

Meaning

CONTAINER_INHERIT_ACE

0x02

Child objects that are containers, such as directories, inherit the ACE as an effective ACE. The inherited ACE is inheritable unless the NO_PROPAGATE_INHERIT_ACE bit flag is also set.

FAILED_ACCESS_ACE_FLAG

0x80

Used with system-audit ACEs in a system access control list (SACL) to generate audit messages for failed access attempts.

INHERIT_ONLY_ACE

0x08

Indicates an inherit-only ACE, which does not control access to the object to which it is attached. If this flag is not set, the ACE is an effective ACE that controls access to the object to which it is attached.

Both effective and inherit-only ACEs can be inherited depending on the state of the other inheritance flags.

INHERITED_ACE

0x10

Used to indicate that the ACE was inherited.<54> See section 2.5.3.5 for processing rules for setting this flag.

NO_PROPAGATE_INHERIT_ACE

0x04

If the ACE is inherited by a child object, the system clears the OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags in the inherited ACE. This prevents the ACE from being inherited by subsequent generations of objects.

OBJECT_INHERIT_ACE

0x01

Noncontainer child objects inherit the ACE as an effective ACE.

For child objects that are containers, the ACE is inherited as an inherit-only ACE unless the NO_PROPAGATE_INHERIT_ACE bit flag is also set.

SUCCESSFUL_ACCESS_ACE_FLAG

0x40

Used with system-audit ACEs in a SACL to generate audit messages for successful access attempts.

AceSize (2 bytes): An unsigned 16-bit integer that specifies the size, in bytes, of the ACE. The AceSize field can be greater than the sum of the individual fields, but MUST be a multiple of 4 to ensure alignment on a DWORD boundary. In cases where the AceSize field encompasses additional data for the callback ACEs types, that data is implementation-specific. Otherwise, this additional data is not interpreted and MUST be ignored.