The AddAccessAllowedAce function adds an access-allowed ACE to an ACL. The access is granted to a specified SID.
An ACE is an access-control entry. An ACL is an access-control list. A SID is a security identifier.
BOOL AddAccessAllowedAce(
PACL pAcl, // pointer to access-control list
DWORD dwAceRevision, // ACL revision level
DWORD AccessMask, // access mask
PSID pSid // pointer to security identifier
);
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
The addition of an access-allowed ACE to an ACL is the most common form of ACL modification.
The AddAccessAllowedAce and AddAccessDeniedAce functions add a new ACE to the end of the list of ACEs for the ACL. These functions do not automatically place the new ACE in the proper canonical order. It is the caller's responsibility to ensure that the ACL is in canonical order by adding ACEs in the proper sequence. For Windows NT versions 4.0 and earlier, the canonical order for a DACL places all access-denied ACEs before any access-allowed ACEs.
The ACE_HEADER structure placed in the ACE by the AddAccessAllowedAce function specifies a type and size, but provides no inheritance and no ACE flags.
Windows NT: Requires version 3.1 or later.
Windows: Unsupported.
Windows CE: Unsupported.
Header: Declared in winbase.h.
Import Library: Use advapi32.lib.
Low-Level Access-Control Overview, Low-Level Access Control Functions, ACCESS_ALLOWED_ACE, ACE_HEADER, ACL, AddAccessDeniedAce, AddAce, AddAuditAccessAce, DeleteAce, GetAce