RtlAddAccessAllowedAce function (ntifs.h)

The RtlAddAccessAllowedAce routine adds an access-allowed access control entry (ACE) to an access control list (ACL). The access is granted to the specified security identifier (SID).

Syntax

NTSYSAPI NTSTATUS RtlAddAccessAllowedAce(
  [in, out] PACL        Acl,
  [in]      ULONG       AceRevision,
  [in]      ACCESS_MASK AccessMask,
  [in]      PSID        Sid
);

Parameters

[in, out] Acl

Pointer to a caller-allocated buffer containing the ACL to be modified. RtlAddAccessAllowedAce adds an access-allowed ACE to the end of this ACL. The ACE is in the form of an ACCESS_ALLOWED_ACE structure.

[in] AceRevision

ACL revision level of the ACE to be added. The Windows version requirements are as follows:

Value Meaning
ACL_REVISION The revision level valid on all Windows versions.
ACL_REVISION_DS The revision level valid starting with Windows 2000.

Note: AceRevision must be ACL_REVISION_DS if the ACL in Acl contains an object-specific ACE.

[in] AccessMask

Bitmask of one or more ACCESS_MASK flags specifying the access rights to be granted to the specified SID. For more information, see the description of the DesiredAccess parameter of ZwCreateFile.

[in] Sid

Pointer to the SID structure representing a user, group, or logon account that is being granted access.

Return value

RtlAddAccessAllowedAce can return one of the following values:

Return code Description
STATUS_SUCCESS The ACE was successfully added.
STATUS_ALLOTTED_SPACE_EXCEEDED A new ACE does not fit into the ACL. A larger ACL buffer is required. See RtlCreateAcl for information about calculating the size of an ACL.
STATUS_INVALID_ACL The specified ACL is not properly formed.
STATUS_INVALID_SID The specified SID structure is not structurally valid.
STATUS_REVISION_MISMATCH The specified revision is not known or is not compatible with that of the ACL.

Remarks

For more information about security and access control, see Windows security model for driver developers and the documentation on these topics in the Windows SDK.
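
As an added example (not Microsoft's code and not the kernel implementation), this portable C model of the ACL byte layout shows how the caller-allocated buffer is sized and why appending to a buffer that is too small produces the STATUS_ALLOTTED_SPACE_EXCEEDED case listed under Return value. The M_* status names, the helper functions and the sample SIDs are constructed for illustration, and the model does not cover the AceRevision checks.

```c
#include <stdint.h>
#include <string.h>
/* Simplified user-mode model; a driver uses the real types and routines from ntifs.h. */
enum { ACL_HDR = 8, ACE_FIXED = 8, SID_FIXED = 8 };   /* fixed sizes in bytes */
enum { M_SUCCESS, M_SPACE_EXCEEDED, M_INVALID_ACL, M_INVALID_SID };

/* Constructed sample SIDs: S-1-5-18 and S-1-5-32-544 in binary form. */
const uint8_t SID_SYSTEM[] = {1, 1, 0,0,0,0,0,5, 18,0,0,0};
const uint8_t SID_ADMINS[] = {1, 2, 0,0,0,0,0,5, 32,0,0,0, 0x20,0x02,0,0};

/* A SID is 8 fixed bytes plus one 32-bit sub-authority per count in byte 1. */
size_t sid_len(const uint8_t *sid) { return SID_FIXED + 4u * sid[1]; }

/* Bytes needed for an ACL holding one access-allowed ACE for each SID. */
size_t acl_size_for(const uint8_t *const *sids, size_t n) {
    size_t total = ACL_HDR;
    for (size_t i = 0; i < n; i++) total += ACE_FIXED + sid_len(sids[i]);
    return total;
}

/* Write an empty ACL header: revision, AclSize, AceCount = 0. */
void acl_init(uint8_t *acl, uint16_t size, uint8_t revision) {
    memset(acl, 0, size);
    acl[0] = revision;
    memcpy(acl + 2, &size, 2);
}

/* Append an access-allowed ACE, or report why it cannot be appended. */
int add_allowed_ace(uint8_t *acl, uint32_t mask, const uint8_t *sid) {
    uint16_t acl_size, count, ace_size;
    size_t used = ACL_HDR, need = ACE_FIXED + sid_len(sid);
    memcpy(&acl_size, acl + 2, 2);
    memcpy(&count, acl + 4, 2);
    if (acl_size < ACL_HDR) return M_INVALID_ACL;
    if (sid[0] != 1 || sid[1] > 15) return M_INVALID_SID;
    for (uint16_t i = 0; i < count; i++) {        /* skip the existing ACEs */
        if (used + 4 > acl_size) return M_INVALID_ACL;
        memcpy(&ace_size, acl + used + 2, 2);
        if (ace_size < 4 || used + ace_size > acl_size) return M_INVALID_ACL;
        used += ace_size;
    }
    if (used + need > acl_size) return M_SPACE_EXCEEDED;   /* buffer too small */
    ace_size = (uint16_t)need;
    acl[used] = 0; acl[used + 1] = 0;             /* AceType 0 (allowed), no flags */
    memcpy(acl + used + 2, &ace_size, 2);
    memcpy(acl + used + 4, &mask, 4);
    memcpy(acl + used + 8, sid, sid_len(sid));
    count++;
    memcpy(acl + 4, &count, 2);
    return M_SUCCESS;
}
```

Sizing the buffer with acl_size_for before adding ACEs mirrors the calculation the RtlCreateAcl reference describes; a buffer even one byte short makes the final append fail without modifying the ACE count.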

Requirements

Requirement Value
Target Platform Universal
Header ntifs.h (include Ntifs.h)
Library NtosKrnl.lib
DLL NtosKrnl.exe
IRQL < DISPATCH_LEVEL

See also

ACCESS_ALLOWED_ACE

ACCESS_MASK

ACE

ACL

RtlCreateAcl

RtlCreateSecurityDescriptor

RtlCreateSecurityDescriptorRelative

RtlLengthSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlSetOwnerSecurityDescriptor

RtlValidSecurityDescriptor

SID

SeAssignSecurity

ZwCreateFile