ACCESS_MODE

[New - Windows NT]

The ACCESS_MODE enumeration type contains values that indicate how the access rights in an EXPLICIT_ACCESS structure apply to the trustee. Functions such as SetEntriesInAcl and GetExplicitEntriesFromAcl use these values to set or retrieve information in an access-control entry (ACE).

typedef enum _ACCESS_MODE

{

NOT_USED_ACCESS = 0,

GRANT_ACCESS,

SET_ACCESS,

DENY_ACCESS,

REVOKE_ACCESS,

SET_AUDIT_SUCCESS,

SET_AUDIT_FAILURE

} ACCESS_MODE;

Enumerator Meaning
GRANT_ACCESS An input flag that creates an ACCESS_ALLOWED_ACE. The new ACE combines the specified rights with any existing allowed or denied rights of the trustee.
SET_ACCESS Indicates an ACCESS_ALLOWED_ACE that allows the specified rights.

On input, this flag discards any existing access-control information for the trustee.

DENY_ACCESS Indicates an ACCESS_DENIED_ACE that denies the specified rights.

On input, this flag denies the specified rights in addition to any currently denied rights of the trustee. It also modifies or deletes any existing ACCESS_ALLOWED_ACE for the trustee that allows the specified rights.

REVOKE_ACCESS An input flag that removes all existing ACCESS_DENIED_ACE, ACCESS_ALLOWED_ACE, or SYSTEM_AUDIT_ACEs for the specified trustee.
SET_AUDIT_SUCCESS Indicates a SYSTEM_AUDIT_ACE that generates audit messages for successful attempts to use the specified access rights. You can combine this value with SET_AUDIT_FAILURE.

On input, this flag combines the specified rights with any existing audited access rights for the trustee.

SET_AUDIT_FAILURE Indicates a SYSTEM_AUDIT_ACE that generates audit messages for failed attempts to use the specified access rights. You can combine this value with SET_AUDIT_SUCCESS.

On input, this flag combines the specified rights with any existing audited access rights for the trustee.


See Also

ACCESS_DENIED_ACE, ACCESS_ALLOWED_ACE, ACE, EXPLICIT_ACCESS, GetExplicitEntriesFromAcl, SetEntriesInAcl, SYSTEM_AUDIT_ACE