The AddAccessDeniedAce function adds an access-denied ACE to an ACL. The access is denied to a specified SID.
An ACE is an access-control entry. An ACL is an access-control list. A SID is a security identifier.
BOOL AddAccessDeniedAce(
| PACL pAcl, | // pointer to access-control list |
| DWORD dwAceRevision, | // ACL revision level |
| DWORD AccessMask, | // access mask |
| PSID pSid | // pointer to security identifier |
| ); |
Parameters
pAcl
Pointer to an ACL structure. This function adds an access-denied ACE to this ACL. The ACE is in the form of an ACCESS_DENIED_ACE structure.
dwAceRevision
Specifies the revision level of the ACL being modified. Currently, this value must be ACL_REVISION.
AccessMask
Specifies the mask of access rights being denied to the specified SID.
pSid
Pointer to the SID structure representing the process being denied access.
Return Values
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
Remarks
The ACE_HEADER structure placed in the ACE by the AddAccessDeniedAce function specifies a type and size, but provides no ACE flags.
See Also
ACCESS_DENIED_ACE, ACE_HEADER, ACL, AddAccessAllowedAce, AddAce, AddAuditAccessAce, DeleteAce, GetAce