[New - Windows NT]
The GetExplicitEntriesFromAcl function retrieves an array of EXPLICIT_ACCESS structures that describe the access-control entries (ACEs) in an access-control list (ACL).
DWORD GetExplicitEntriesFromAcl(
| PACL pacl, | // pointer to the ACL from which to get entries |
| PULONG pcCountOfExplicitEntries, | // receives number of entries in the list |
| PEXPLICIT_ACCESS * pListOfExplicitEntries | // receives pointer to list of entries |
| ); |
Parameters
pacl
Pointer to an ACL from which to get ACE information.
pcCountOfExplicitEntries
Pointer to a variable that receives the number of EXPLICIT_ACCESS structures returned in the pListOfExplicitEntries array.
pListOfExplicitEntries
Pointer to a variable that receives a pointer to an array of EXPLICIT_ACCESS structures that describe the ACEs in the ACL. If the function succeeds, you must call the LocalFree function to free the returned buffer.
Return Values
If the function succeeds, the return value is ERROR_SUCCESS.
If the function fails, the return value is a nonzero error code defined in WINERROR.H.
Remarks
Each entry in the array of EXPLICIT_ACCESS structures describes access control information from an ACE for a trustee. A trustee can be a user, group, or program (such as a Windows NT service).
Each EXPLICIT_ACCESS structure specifies a set of access rights and an access mode flag that indicates whether the ACE allows, denies, or audits the specified rights.
For a discretionary ACL (DACL), the access mode flag can be one of the following values from the ACCESS_MODE enumeration.
| Value | Meaning |
| SET_ACCESS | Indicates that an access-allowed ACE for the trustee allows the specified access rights. |
| DENY_ACCESS | Indicates that an access-denied ACE for the trustee denies the specified access rights. |
For a system ACL (SACL), the access mode flag can be a combination of the following values from the ACCESS_MODE enumeration.
| Value | Meaning |
| SET_AUDIT_SUCCESS | Indicates that a system-audit ACE for the trustee generates audit messages for successful attempts to use the specified access rights. |
| SET_AUDIT_FAILURE | Indicates that a system-audit ACE for the trustee generates audit messages for failed attempts to use the specified access rights. |
See Also
ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE, ACE, ACL, EXPLICIT_ACCESS, LocalFree, SYSTEM_AUDIT_ACE