RtlAddAce function (ntifs.h)
The RtlAddAce routine adds one or more access control entries (ACEs) to a specified access control list (ACL).
Syntax
NTSYSAPI NTSTATUS RtlAddAce(
[in, out] PACL Acl,
[in] ULONG AceRevision,
[in] ULONG StartingAceIndex,
[in] PVOID AceList,
[in] ULONG AceListLength
);
Parameters
[in, out] Acl
Pointer to the ACL to be modified. RtlAddAce adds the specified ACEs to this ACL.
[in] AceRevision
ACL revision level of the ACE to be added. Windows version requirements are the following:
| Value | Meaning |
|---|---|
| ACL_REVISION | The revision level valid on all Windows versions. |
| ACL_REVISION_DS | The revision level valid starting with Windows 2000. |
AceRevision must be ACL_REVISION_DS if the ACL in Acl contains an object-specific ACE.
[in] StartingAceIndex
Specifies the position in the ACL's list of ACEs at which to add new ACEs. A value of zero inserts the ACEs at the beginning of the list. A value of MAXULONG appends the ACEs to the end of the list.
[in] AceList
Pointer to a buffer containing a list of one or more ACEs to be added to the specified ACL. The ACEs in the list must be stored contiguously.
[in] AceListLength
Size, in bytes, of the input buffer pointed to by the AceList parameter.
Return value
RtlAddAce returns STATUS_SUCCESS or an appropriate NTSTATUS value such as one of the following:
| Return code | Description |
|---|---|
| STATUS_BUFFER_TOO_SMALL | The new ACEs do not fit into the ACL. A larger ACL buffer is required. STATUS_BUFFER_TOO_SMALL is an error code. |
| STATUS_INVALID_PARAMETER | One of the parameter values was invalid. Possible reasons include that the specified ACL is invalid or the specified revision is unknown, is not compatible with revisions in the ACE list, or is not compatible with the revision of the ACL. STATUS_INVALID_PARAMETER is an error code. |
Remarks
For information about calculating the size of an ACL, see the Remarks section of the reference entry for RtlCreateAcl.
To obtain a pointer to an ACE in an ACL, use RtlGetAce.
To delete an ACE from an ACL, use RtlDeleteAce.
To add an access-allowed ACE to an ACL, use RtlAddAccessAllowedAce.
For more information about security and access control, see Windows security model for driver developers and the documentation on these topics in the Windows SDK.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Server 2003 with SP1 |
| Target Platform | Universal |
| Header | ntifs.h (include Ntifs.h) |
| Library | NtosKrnl.lib |
| DLL | NtosKrnl.exe (kernel mode); Ntdll.dll (user mode) |
| IRQL | <= APC_LEVEL |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for