Freigeben über


2.4.4.9 ACCESS_DENIED_CALLBACK_OBJECT_ACE

The ACCESS_DENIED_CALLBACK_OBJECT_ACE structure defines an ACE that controls denied access to an object, a property set, or property. The ACE contains a set of user rights, a GUID that identifies the type of object, and a SID that identifies the trustee to whom the system will deny access. The ACE also contains a GUID and a set of flags that control inheritance of the ACE by child objects.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

Header

Mask

Flags

ObjectType (16 bytes)

...

...

InheritedObjectType (16 bytes)

...

...

Sid (variable)

...

ApplicationData (variable)

...

Header (4 bytes): An ACE_HEADER structure that specifies the size and type of ACE. It also contains flags that control inheritance of the ACE by child objects.

Mask (4 bytes): An ACCESS_MASK structure that specifies the user rights denied by this ACE.

Value

Meaning

ADS_RIGHT_DS_CONTROL_ACCESS

0X00000100

The ObjectType GUID identifies an extended access right.

ADS_RIGHT_DS_CREATE_CHILD

0X00000001

The ObjectType GUID identifies a type of child object. The ACE controls the trustee's right to create this type of child object.

ADS_RIGHT_DS_READ_PROP

0x00000010

The ObjectType GUID identifies a property set or property of the object. The ACE controls the trustee's right to read the property or property set.

ADS_RIGHT_DS_WRITE_PROP

0x00000020

The ObjectType GUID identifies a property set or property of the object. The ACE controls the trustee's right to write the property or property set.

ADS_RIGHT_DS_SELF

0x00000008

The ObjectType GUID identifies a validated write.

Flags (4 bytes): A 32-bit unsigned integer that specifies a set of bit flags that indicate whether the ObjectType and InheritedObjectType fields contain valid data. This parameter can be one or more of the following values.

Value

Meaning

0x00000000

Neither ObjectType nor InheritedObjectType are valid.

ACE_OBJECT_TYPE_PRESENT

0x00000001

ObjectType is valid.

ACE_INHERITED_OBJECT_TYPE_PRESENT

0x00000002

InheritedObjectType is valid. If this value is not specified, all types of child objects can inherit the ACE.

ObjectType (16 bytes): A GUID that identifies a property set, property, extended right, or type of child object. The purpose of this GUID depends on the user rights specified in the Mask field. This field is valid only if the ACE _OBJECT_TYPE_PRESENT bit is set in the Flags field. Otherwise, the ObjectType field is ignored.

InheritedObjectType (16 bytes): A GUID that identifies the type of child object that can inherit the ACE. Inheritance is also controlled by the inheritance flags in the ACE_HEADER, as well as by any protection against inheritance placed on the child objects. This field is valid only if the ACE_INHERITED_OBJECT_TYPE_PRESENT bit is set in the Flags member. Otherwise, the InheritedObjectType field is ignored.

Sid (variable): The SID of a trustee. The length of the SID MUST be a multiple of 4.

ApplicationData (variable): Optional application data. The size of the application data is determined by the AceSize field of the ACE_HEADER.