SetEntriesInAccessList

[This is preliminary documentation and subject to change.]

The SetEntriesInAccessList function creates a new access-control list by merging specified access-control information into an existing access-control list. You can specify access-control information for an object or for a specified property on an object. 

DWORD SetEntriesInAccessList(
  ULONG cEntries,      // Number of entries in the entry list
  PACTRL_ACCESS_ENTRY pAccessEntryList,
                       // array of access-control entry information
  ACCESS_MODE AccessMode,  // merge, replace, or revoke trustee 
                           // access
  LPCTSTR lpProperty,  // GUID string of a property
  PACTRL_ACCESS pOldList,  // pointer to the old access-control list
  PACTRL_ACCESS *ppNewList
                       // receives a pointer to the new list
);

Parameters

cEntries
Specifies the number of entries in the pAccessEntryList array.
pAccessEntryList
Pointer to an array of ACTRL_ACCESS_ENTRY structures. Each entry in the array specifies access-control information for a trustee.
AccessMode
A flag that indicates how to combine the new entries in the pAccessEntryList array with the existing entries in the pOldList access-control list. This parameter can be one of the following values from the ACCESS_MODE enumeration.
Value Meaning
GRANT_ACCESS Adds the new entries to the front of the access-control list. Existing entries are not removed from the list.
REVOKE_ACCESS Remove from the existing list explicit entries for trustees specified in the pAccessEntryList array.
SET_ACCESS Adds the new entries to the front of the access-control list. Existing entries for the same trustees are removed from the list.

If you specify REVOKE_ACCESS or SET_ACCESS, the function can remove entries for trustees specified in the pAccessEntryList array. However, the function's behavior depends on the lpProperty parameter. If lpProperty is non-NULL, the function removes only the object-specific entries that apply to the properties, property sets, or child objects identified by lpProperty. However, if lpProperty is NULL, the function removes all entries for the specified trustees, including any object-specific entries, as well as entries for the object itself.

lpProperty
Pointer to a null-terminated string that identifes a type of object. This string can be the display name of the object, or it can be a string representation of the GUID that identifies the object. You can use the UuidToString function to generate a string representation of a GUID.

Use this parameter to create object-specific ACEs that apply to a child object, property set, or property of the object. If this parameter is NULL, the access-control information applies to the object itself.

pOldList
Pointer to an existing ACTRL_ACCESS structure containing the access-control list to be modified.
ppNewList
Pointer to a variable that receives a pointer to an ACTRL_ACCESS structure containing the new access-control list. Call the LocalFree function to free the returned buffer.

Return Values

If the function succeeds, the return value is ERROR_SUCCESS.

If the function fails, the return value can be one of the following error codes.

Value Meaning
ERROR_NOT_ENOUGH_MEMORY A memory allocation failed
ERROR_INVALID_PARAMETER An invalid parameter was specified.

QuickInfo

  Windows NT: Requires version 5.0 or later.
  Windows: Unsupported.
  Windows CE: Unsupported.
  Header: Declared in aclapi.h.
  Import Library: Use advapi32.lib.
  Unicode: Implemented as Unicode and ANSI versions on Windows NT.

See Also

Access Control Overview, Access Control Functions, SetEntriesInAuditList