SetEntriesInAuditList

[This is preliminary documentation and subject to change.]

The SetEntriesInAuditList function creates a new audit-control list by merging specified audit-control information into an existing audit-control list. You can specify audit-control information for an object or for a specified property on an object. 

DWORD SetEntriesInAuditList(
  ULONG cEntries,      // Number of entries in the entry list
  PACTRL_ACCESS_ENTRY pAccessEntryList,
                       // array of audit-control entry information
  ACCESS_MODE AccessMode,  //
  LPCTSTR lpProperty,  // GUID string of a property
  PACTRL_AUDIT pOldList,
                       // pointer to the old audit-control list
  PACTRL_AUDIT *ppNewList  // receives a pointer to the new list
);

Parameters

cEntries
Specifies the number of entries in the pAccessEntryList array.
pAccessEntryList
Pointer to an array of ACTRL_ACCESS_ENTRY structures. Each entry in the array specifies audit-control information for a trustee.
AccessMode
A flag that indicates how to combine the new entries in the pAccessEntryList array with the existing entries in the pOldList audit-control list. This parameter can be one of the following values from the ACCESS_MODE enumeration.
Value Meaning
GRANT_ACCESS Adds the new entries to the front of the audit-control list. Existing entries are not removed from the list.
REVOKE_ACCESS Remove from the existing list explicit entries for trustees specified in the pAccessEntryList array.
SET_ACCESS Adds the new entries to the front of the audit-control list. Existing entries for the same trustees are removed from the list.

If you specify REVOKE_ACCESS or SET_ACCESS, the function can remove entries for trustees specified in the pAccessEntryList array. However, the function's behavior depends on the lpProperty parameter. If lpProperty is non-NULL, the function removes only the object-specific entries that apply to the properties, property sets, or child objects identified by lpProperty. However, if lpProperty is NULL, the function removes all entries for the specified trustees, including any object-specific entries, as well as entries for the object itself.

lpProperty
Pointer to a null-terminated string that identifes a type of object. This string can be the display name of the object, or it can be a string representation of the GUID that identifies the object. You can use the UuidToString function to generate a string representation of a GUID.

Use this parameter to create object-specific ACEs that apply to a child object, property set, or property of the object. If this parameter is NULL, the audit-control information applies to the object itself.

pOldList
Pointer to an existing ACTRL_AUDIT structure containing the audit-control list to be modified.
ppNewList
Pointer to a variable that receives a pointer to an ACTRL_AUDIT structure containing the new audit-control list. Call the LocalFree function to free the returned buffer.

Return Values

If the function succeeds, the return value is ERROR_SUCCESS.

If the function fails, the return value can be one of the following error codes.

Value Meaning
ERROR_INVALID_PARAMETER An invalid parameter was specified.
ERROR_NOT_ENOUGH_MEMORY A memory allocation failed.

QuickInfo

  Windows NT: Requires version 5.0 or later.
  Windows: Unsupported.
  Windows CE: Unsupported.
  Header: Declared in aclapi.h.
  Import Library: Use advapi32.lib.
  Unicode: Implemented as Unicode and ANSI versions on Windows NT.

See Also

Access Control Overview, Access Control Functions, ACTRL_ACCESS_ENTRY, ACTRL_AUDIT, ACTRL_PROPERTY_ENTRY, LocalFree, SetEntriesInAccessList