ACCESS_DENIED_CALLBACK_ACE structure (winnt.h)
The ACCESS_DENIED_CALLBACK_ACE structure defines an access control entry (ACE) for the discretionary access control list (DACL) that controls access to an object. An access-denied ACE denies access to an object for a specific trustee identified by a security identifier (SID).
When the AuthzAccessCheck function is called, each ACCESS_DENIED_CALLBACK_ACE structure contained in the DACL of a SECURITY_DESCRIPTOR structure passed through a pointer to the AuthzAccessCheck function invokes a call to the application–defined AuthzAccessCheckCallback function, in which a pointer to the ACCESS_DENIED_CALLBACK_ACE structure found is passed in the pAce parameter.
Syntax
typedef struct _ACCESS_DENIED_CALLBACK_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
DWORD SidStart;
} ACCESS_DENIED_CALLBACK_ACE, *PACCESS_DENIED_CALLBACK_ACE;
Members
Header
ACE_HEADER structure that specifies the size and type of ACE. It also contains flags that control inheritance of the ACE by child objects. The AceType member of the ACE_HEADER structure should be set to ACCESS_DENIED_CALLBACK_ACE_TYPE, and the AceSize member should be set to the total number of bytes allocated for the ACCESS_DENIED_CALLBACK_ACE structure.
Mask
Specifies an ACCESS_MASK structure that specifies the access rights explicitly denied by this ACE.
SidStart
The first DWORD of a trustee's SID. The remaining bytes of the SID are stored in contiguous memory after the SidStart member. This SID can be appended with application data.
Remarks
ACE structures must be aligned on DWORD boundaries. All Windows memory-management functions return DWORD-aligned handles to memory.
The access rights specified by the Mask member are granted to any trustee that possesses an enabled SID that matches the SID stored in the SidStart member.
When an ACCESS_DENIED_CALLBACK_ACE structure is created, sufficient memory must be allocated to accommodate the complete SID of the trustee in the SidStart member and the contiguous memory that follows it.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows XP [desktop apps only] |
| Minimum supported server | Windows Server 2003 [desktop apps only] |
| Header | winnt.h (include Windows.h) |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for