[New - Windows NT]
The GetEffectiveRightsFromAcl function retrieves the effective access rights that an ACL allows for a specified trustee. The trustee's effective access rights are the access rights that the ACL grants to the trustee or to any groups of which the trustee is a member. The function does not consider the security privileges held by the trustee in determining the effective access rights.
DWORD GetEffectiveRightsFromAcl(
| PACL pacl, | // ACL to get trustee's rights from |
| PTRUSTEE pTrustee, | // trustee to get rights for |
| PACCESS_MASK pAccessRights | // receives trustee's access rights |
| ); |
Parameters
pacl
Pointer to an ACL from which to get the trustee's effective access rights.
pTrustee
Pointer to a TRUSTEE structure that identifies the trustee. A trustee can be a user, group, or program (such as a Windows NT service). You can use a name or a security identifier (SID) to identify a trustee.
pAccessRights
Pointer to an ACCESS_MASK variable that receives the effective access rights of the trustee.
Return Values
If the function succeeds, the return value is ERROR_SUCCESS.
If the function fails, the return value is a nonzero error code defined in WINERROR.H.
Remarks
The GetEffectiveRightsFromAcl function checks all access-allowed and access-denied ACEs in the ACL to determine the effective rights for the trustee. For all ACEs that allow or deny rights to a group, GetEffectiveRightsFromAcl enumerates the members of the group to determine whether the trustee is a member. The function returns an error if it cannot enumerate the members of a group.
See Also
ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE, ACCESS_MASK, ACE, GetAuditedPermissionsFromAcl, SID, TRUSTEE