2.4.4.1 ACE_HEADER
The ACE_HEADER structure defines the type and size of an access control entry (ACE).
| Bits 0-7 | Bits 8-15 | Bits 16-31 |
|---|---|---|
| AceType | AceFlags | AceSize |
AceType (1 byte): An unsigned 8-bit integer that specifies the ACE types. This field MUST be one of the following values.
| Value | Meaning |
|---|---|
| ACCESS_ALLOWED_ACE_TYPE 0x00 | Access-allowed ACE that uses the ACCESS_ALLOWED_ACE (section 2.4.4.2) structure. |
| ACCESS_DENIED_ACE_TYPE 0x01 | Access-denied ACE that uses the ACCESS_DENIED_ACE (section 2.4.4.4) structure. |
| SYSTEM_AUDIT_ACE_TYPE 0x02 | System-audit ACE that uses the SYSTEM_AUDIT_ACE (section 2.4.4.10) structure. |
| SYSTEM_ALARM_ACE_TYPE 0x03 | Reserved for future use. |
| ACCESS_ALLOWED_COMPOUND_ACE_TYPE 0x04 | Reserved for future use. |
| ACCESS_ALLOWED_OBJECT_ACE_TYPE 0x05 | Object-specific access-allowed ACE that uses the ACCESS_ALLOWED_OBJECT_ACE (section 2.4.4.3) structure.<45> |
| ACCESS_DENIED_OBJECT_ACE_TYPE 0x06 | Object-specific access-denied ACE that uses the ACCESS_DENIED_OBJECT_ACE (section 2.4.4.5) structure.<46> |
| SYSTEM_AUDIT_OBJECT_ACE_TYPE 0x07 | Object-specific system-audit ACE that uses the SYSTEM_AUDIT_OBJECT_ACE (section 2.4.4.11) structure.<47> |
| SYSTEM_ALARM_OBJECT_ACE_TYPE 0x08 | Reserved for future use. |
| ACCESS_ALLOWED_CALLBACK_ACE_TYPE 0x09 | Access-allowed callback ACE that uses the ACCESS_ALLOWED_CALLBACK_ACE (section 2.4.4.6) structure.<48> |
| ACCESS_DENIED_CALLBACK_ACE_TYPE 0x0A | Access-denied callback ACE that uses the ACCESS_DENIED_CALLBACK_ACE (section 2.4.4.7) structure.<49> |
| ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE 0x0B | Object-specific access-allowed callback ACE that uses the ACCESS_ALLOWED_CALLBACK_OBJECT_ACE (section 2.4.4.8) structure.<50> |
| ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE 0x0C | Object-specific access-denied callback ACE that uses the ACCESS_DENIED_CALLBACK_OBJECT_ACE (section 2.4.4.9) structure.<51> |
| SYSTEM_AUDIT_CALLBACK_ACE_TYPE 0x0D | System-audit callback ACE that uses the SYSTEM_AUDIT_CALLBACK_ACE (section 2.4.4.12) structure.<52> |
| SYSTEM_ALARM_CALLBACK_ACE_TYPE 0x0E | Reserved for future use. |
| SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE 0x0F | Object-specific system-audit callback ACE that uses the SYSTEM_AUDIT_CALLBACK_OBJECT_ACE (section 2.4.4.14) structure. |
| SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE 0x10 | Reserved for future use. |
| SYSTEM_MANDATORY_LABEL_ACE_TYPE 0x11 | Mandatory label ACE that uses the SYSTEM_MANDATORY_LABEL_ACE (section 2.4.4.13) structure. |
| SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE 0x12 | Resource attribute ACE that uses the SYSTEM_RESOURCE_ATTRIBUTE_ACE (section 2.4.4.15) |
| SYSTEM_SCOPED_POLICY_ID_ACE_TYPE 0x13 | A central policy ID ACE that uses the SYSTEM_SCOPED_POLICY_ID_ACE (section 2.4.4.16) |
The term "callback" in this context does not relate to RPC callbacks.<53>
AceFlags (1 byte): An unsigned 8-bit integer that specifies a set of ACE type-specific control flags. This field can be a combination of the following values.
| Value | Meaning |
|---|---|
| CONTAINER_INHERIT_ACE 0x02 | Child objects that are containers, such as directories, inherit the ACE as an effective ACE. The inherited ACE is inheritable unless the NO_PROPAGATE_INHERIT_ACE bit flag is also set. |
| FAILED_ACCESS_ACE_FLAG 0x80 | Used with system-audit ACEs in a system access control list (SACL) to generate audit messages for failed access attempts. |
| INHERIT_ONLY_ACE 0x08 | Indicates an inherit-only ACE, which does not control access to the object to which it is attached. If this flag is not set, the ACE is an effective ACE that controls access to the object to which it is attached. Both effective and inherit-only ACEs can be inherited depending on the state of the other inheritance flags. |
| INHERITED_ACE 0x10 | Used to indicate that the ACE was inherited.<54> See section 2.5.3.5 for processing rules for setting this flag. |
| NO_PROPAGATE_INHERIT_ACE 0x04 | If the ACE is inherited by a child object, the system clears the OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags in the inherited ACE. This prevents the ACE from being inherited by subsequent generations of objects. |
| OBJECT_INHERIT_ACE 0x01 | Noncontainer child objects inherit the ACE as an effective ACE. For child objects that are containers, the ACE is inherited as an inherit-only ACE unless the NO_PROPAGATE_INHERIT_ACE bit flag is also set. |
| SUCCESSFUL_ACCESS_ACE_FLAG 0x40 | Used with system-audit ACEs in a SACL to generate audit messages for successful access attempts. |
AceSize (2 bytes): An unsigned 16-bit integer that specifies the size, in bytes, of the ACE. The AceSize field can be greater than the sum of the individual fields, but MUST be a multiple of 4 to ensure alignment on a DWORD boundary. In cases where the AceSize field encompasses additional data for the callback ACE types, that data is implementation-specific. Otherwise, this additional data is not interpreted and MUST be ignored.
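A bounds-checked walk over back-to-back ACEs that uses only the three header fields above, as an added example that is not part of the specification. It assumes AceSize is stored little-endian and treats everything after the 4-byte header as opaque; `walk_aces` and `SAMPLE` are names invented here, and the sample bytes are constructed.

```python
import struct

# Names in AceType order 0x00..0x13, taken from the AceType table above
# (the common "_ACE_TYPE" suffix is appended when reporting).
ACE_TYPES = (
    "ACCESS_ALLOWED ACCESS_DENIED SYSTEM_AUDIT SYSTEM_ALARM "
    "ACCESS_ALLOWED_COMPOUND ACCESS_ALLOWED_OBJECT ACCESS_DENIED_OBJECT "
    "SYSTEM_AUDIT_OBJECT SYSTEM_ALARM_OBJECT ACCESS_ALLOWED_CALLBACK "
    "ACCESS_DENIED_CALLBACK ACCESS_ALLOWED_CALLBACK_OBJECT "
    "ACCESS_DENIED_CALLBACK_OBJECT SYSTEM_AUDIT_CALLBACK SYSTEM_ALARM_CALLBACK "
    "SYSTEM_AUDIT_CALLBACK_OBJECT SYSTEM_ALARM_CALLBACK_OBJECT "
    "SYSTEM_MANDATORY_LABEL SYSTEM_RESOURCE_ATTRIBUTE SYSTEM_SCOPED_POLICY_ID"
).split()

# Bit values from the AceFlags table above, in ascending bit order.
ACE_FLAGS = {0x01: "OBJECT_INHERIT_ACE", 0x02: "CONTAINER_INHERIT_ACE",
             0x04: "NO_PROPAGATE_INHERIT_ACE", 0x08: "INHERIT_ONLY_ACE",
             0x10: "INHERITED_ACE", 0x40: "SUCCESSFUL_ACCESS_ACE_FLAG",
             0x80: "FAILED_ACCESS_ACE_FLAG"}

# Constructed sample: two ACEs whose bodies are zero filler, not real masks/SIDs.
SAMPLE = (bytes([0x00, 0x0B, 0x14, 0x00]) + bytes(16)    # type 0x00, size 20
          + bytes([0x02, 0xC0, 0x08, 0x00]) + bytes(4))  # type 0x02, size 8


def walk_aces(buf):
    """Return [(type_name, flag_names, body_bytes)] for consecutive ACEs in buf."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError(f"truncated ACE_HEADER at offset {off}")
        # Assumption: little-endian AceSize (byte order is not stated on this page).
        ace_type, ace_flags, ace_size = struct.unpack_from("<BBH", buf, off)
        if ace_type >= len(ACE_TYPES):
            raise ValueError(f"unknown AceType {ace_type:#04x} at offset {off}")
        # AceSize must cover its own header and be DWORD-aligned; rejecting 0
        # also prevents an infinite loop on hostile input.
        if ace_size < 4 or ace_size % 4:
            raise ValueError(f"bad AceSize {ace_size} at offset {off}")
        if ace_size > len(buf) - off:
            raise ValueError(f"AceSize {ace_size} overruns buffer at offset {off}")
        flags = [name for bit, name in ACE_FLAGS.items() if ace_flags & bit]
        body = buf[off + 4:off + ace_size]
        out.append((ACE_TYPES[ace_type] + "_ACE_TYPE", flags, body))
        off += ace_size  # AceSize, not the parsed field lengths, sets the stride
    return out
```

Stepping by AceSize rather than by the length of the fields a parser understands is what lets trailing data be skipped, as the AceSize description requires.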