description | ms.assetid | title | ms.topic | ms.date |
---|---|---|---|---|
Object-specific ACEs are supported for directory service (DS) objects. An object-specific ACE contains a pair of GUIDs that expand the ways in which the ACE can protect an object. |
37d353c0-ac22-430f-b5f3-15deb69be24b |
Object-specific ACEs |
article |
05/31/2018 |
Object-specific ACEs are supported for directory service (DS) objects. An object-specific ACE contains a pair of GUIDs that expand the ways in which the ACE can protect an object.
GUID | Description |
---|---|
ObjectType | Identifies one of the following:
|
InheritedObjectType | Indicates the type of child object that can inherit the ACE. Inheritance is also controlled by the inheritance flags in the ACE_HEADER, as well as by any protection against inheritance placed on the child objects. For more information, see ACE Inheritance. |
Three types of object-specific ACEs are supported.
Note
System-alarm object ACEs are not currently supported.
Type | Description |
---|---|
Access-denied object ACE | Used in a DACL to deny a trustee access to a property or property set on the object, or to limit ACE inheritance to a specified type of child object. Uses the ACCESS_DENIED_OBJECT_ACE structure. |
Access-allowed object ACE | Used in a DACL to allow a trustee access to a property or property set on the object, or to limit ACE inheritance to a specified type of child object. Uses the ACCESS_ALLOWED_OBJECT_ACE structure. |
System-audit object ACE | Used in a SACL to log a trustee's attempts to access a property or property set on the object, or to limit ACE inheritance to a specified type of child object. Uses the SYSTEM_AUDIT_OBJECT_ACE structure. |
Any ACL that contains an object-specific ACE must use the revision ACL_REVISION_DS.