ns-winnt-acl.md

UID: NS:winnt._ACL
title: ACL (winnt.h)
description: Header of an access control list (ACL).
helpviewer_keywords: *PACL, ACL, ACL structure [Security], PACL, PACL structure pointer [Security], _ACL, _win32_acl_str, security.acl, winnt/ACL, winnt/PACL
old-location: security\acl.htm
tech.root: security
ms.assetid: 0073659f-c4d5-4aaf-aaa6-ea596d3bd8b9
ms.date: 12/05/2018
ms.keywords: *PACL, ACL, ACL structure [Security], PACL, PACL structure pointer [Security], _ACL, _win32_acl_str, security.acl, winnt/ACL, winnt/PACL
req.header: winnt.h
req.include-header: Windows.h
req.target-type: Windows
req.target-min-winverclnt: Windows XP [desktop apps only]
req.target-min-winversvr: Windows Server 2003 [desktop apps only]
req.kmdf-ver:
req.umdf-ver:
req.ddi-compliance:
req.unicode-ansi:
req.idl:
req.max-support:
req.namespace:
req.assembly:
req.type-library:
req.lib:
req.dll:
req.irql:
targetos: Windows
req.typenames: ACL
req.redist:
ms.custom: 19H1
f1_keywords: _ACL, winnt/_ACL, ACL, winnt/ACL
dev_langs: c++
topic_type: APIRef, kbSyntax
api_type: HeaderDef
api_location: Winnt.h
api_name: ACL

ACL structure

-description

The ACL structure is the header of an access control list (ACL). A complete ACL consists of an ACL structure followed by an ordered list of zero or more access control entries (ACEs).

-struct-fields

-field AclRevision

Specifies the revision level of the ACL. This value should be ACL_REVISION, unless the ACL contains an object-specific ACE, in which case this value must be ACL_REVISION_DS. All ACEs in an ACL must be at the same revision level.

-field Sbz1

Specifies a zero byte of padding that aligns the AclRevision member on a 16-bit boundary.

-field AclSize

Specifies the size, in bytes, of the ACL. This value includes the ACL structure, all the ACEs, and the potential unused memory.

-field AceCount

Specifies the number of ACEs stored in the ACL.

-field Sbz2

Specifies two zero-bytes of padding that align the ACL structure on a 32-bit boundary.

-remarks

An ACL includes a sequential list of zero or more ACEs. The individual ACEs in an ACL are numbered from 0 to n, where n+1 is the number of ACEs in the ACL. When editing an ACL, an application refers to an ACE within the ACL by the ACE's index.

There are two types of ACL: discretionary and system.

A discretionary access control list (DACL) is controlled by the owner of an object or anyone granted WRITE_DAC access to the object. It specifies the access particular users and groups can have to an object. For example, the owner of a file can use a DACL to control which users and groups can and cannot have access to the file.

An object can also have system-level security information associated with it, in the form of a system access control list (SACL) controlled by a system administrator. A SACL allows the system administrator to audit any attempts to gain access to an object.

For a list of currently defined ACE structures, see ACE.

A fourth ACE structure, SYSTEM_ALARM_ACE, is not currently supported.

The ACL structure is to be treated as though it were opaque and applications are not to attempt to work with its members directly. To ensure that ACLs are semantically correct, applications can use the functions listed in the See Also section to create and manipulate ACLs.

Each ACL and ACE structure begins on a DWORD boundary.

The maximum size for an ACL, including its ACEs, is 64 KB.
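
The header layout and size rules above, shown as an added example (not part of the original page and not Microsoft's code): a portable C check for raw ACL bytes examined offline, for instance from a captured security descriptor, where IsValidAcl and GetAclInformation are not available. It assumes little-endian fields and the 4-byte ACE_HEADER (AceType, AceFlags, AceSize) from winnt.h; `acl_check`, its status codes and the sample bytes are constructed for illustration, and rejecting nonzero padding or any revision other than the two named above is a strictness choice of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ACL_REVISION    2   /* values from winnt.h */
#define ACL_REVISION_DS 4
#define ACL_HDR 8           /* AclRevision, Sbz1, AclSize, AceCount, Sbz2 */
#define ACE_HDR 4           /* ACE_HEADER: AceType, AceFlags, AceSize */

enum acl_status { ACL_OK, ACL_TRUNCATED, ACL_BAD_REVISION, ACL_BAD_PADDING, ACL_BAD_SIZE, ACL_BAD_ACE };

/* Constructed sample: one ACCESS_ALLOWED_ACE (GENERIC_READ for S-1-1-0) plus 4 unused bytes. */
const uint8_t SAMPLE_ACL[32] = {
    0x02, 0x00, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00,   /* ACL header: AclSize 32, AceCount 1 */
    0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00, 0x80,   /* ACE header (AceSize 20), access mask */
    0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,   /* SID: revision, count, authority 1 */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; /* sub-authority 0, unused tail */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Checks the header fields and walks AceCount ACEs without reading past AclSize
   or len. On ACL_OK, *unused receives the bytes left after the last ACE. */
enum acl_status acl_check(const uint8_t *buf, size_t len, size_t *unused)
{
    if (len < ACL_HDR) return ACL_TRUNCATED;
    uint16_t acl_size = rd16(buf + 2), ace_count = rd16(buf + 4);
    /* Assumption: accept only the two revision values the page names. */
    if (buf[0] != ACL_REVISION && buf[0] != ACL_REVISION_DS) return ACL_BAD_REVISION;
    if (buf[1] != 0 || rd16(buf + 6) != 0) return ACL_BAD_PADDING;   /* Sbz1, Sbz2 */
    if (acl_size < ACL_HDR) return ACL_BAD_SIZE;      /* AclSize includes the header */
    if (acl_size > len) return ACL_TRUNCATED;         /* buffer shorter than AclSize */
    size_t off = ACL_HDR;
    for (uint16_t i = 0; i < ace_count; i++) {
        /* Each ACE starts on a DWORD boundary and must fit inside AclSize. */
        if (off % 4 != 0 || acl_size - off < ACE_HDR) return ACL_BAD_ACE;
        uint16_t ace_size = rd16(buf + off + 2);
        if (ace_size < ACE_HDR || ace_size > acl_size - off) return ACL_BAD_ACE;
        off += ace_size;
    }
    *unused = acl_size - off;
    return ACL_OK;
}

int main(void)
{
    size_t unused = 0;
    enum acl_status s = acl_check(SAMPLE_ACL, sizeof SAMPLE_ACL, &unused);
    printf("status=%d unused=%zu\n", (int)s, unused);
    return s == ACL_OK ? 0 : 1;
}
```

An AceCount larger than the ACEs actually present is caught while walking the list, because the next ACE header either falls outside AclSize or carries an impossible AceSize.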

-see-also

AddAce

DeleteAce

GetAclInformation

GetSecurityDescriptorDacl

GetSecurityDescriptorSacl

InitializeAcl

IsValidAcl

SetAclInformation

SetSecurityDescriptorDacl

SetSecurityDescriptorSacl