Welcome  |  Sign in
Skip Navigation Links
Microsoft Developer Network
Click to Rate and Give Feedback
MSDN
MSDN Library
Security
Authorization
 AddMandatoryAce Function
AddMandatoryAce Function

The AddMandatoryAce function adds a SYSTEM_MANDATORY_LABEL_ACE access control entry (ACE) to the specified system access control list (SACL).

Syntax

BOOL WINAPI AddMandatoryAce(
  __inout  PACL pAcl,
  __in     DWORD dwAceRevision,
  __in     DWORD AceFlags,
  __in     DWORD MandatoryPolicy,
  __in     PSID pLabelSid
);

Parameters

pAcl [in, out]

A pointer to an SACL. This function adds a mandatory ACE to the end of this SACL. The ACE is in the form of a SYSTEM_MANDATORY_LABEL_ACE structure.

dwAceRevision [in]

The revision level of the SACL being modified. This value can be one of the following values.

Value Meaning

ACL_REVISION

The SACL does not contain object-specific ACEs.

ACL_REVISION_DS

The SACL contains object-specified ACEs.
AceFlags [in]

A set of bit flags that control ACE inheritance. This function sets these flags in the AceFlags member of the ACE_HEADER structure of the new ACE.

This parameter can be a combination of the following values.

Value Meaning

OBJECT_INHERIT_ACE
0x1

The ACE is inherited by noncontainer objects.

CONTAINER_INHERIT_ACE
0x2

The ACE is inherited by container objects.

NO_PROPAGATE_INHERIT_ACE
0x4

The OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE bits are not propagated to an inherited ACE.

INHERIT_ONLY_ACE
0x8

The ACE does not apply to the object to which the SACL is assigned, but can be inherited by child objects.

INHERITED_ACE
0x10

The ACE is inherited. Operations that change the security on a tree of objects may modify inherited ACEs without changing ACEs that were directly applied to the object.
MandatoryPolicy [in]

The access policy for principals with a mandatory integrity level lower than the object associated with the SACL that contains this ACE.

Value Meaning

SYSTEM_MANDATORY_LABEL_NO_WRITE_UP
0x1

A principal with a lower mandatory level than the object cannot write to the object.

SYSTEM_MANDATORY_LABEL_NO_READ_UP
0x2

A principal with a lower mandatory level than the object cannot read the object.

SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP
0x4

A principal with a lower mandatory level than the object cannot execute the object.
pLabelSid [in]

A pointer to an SID that specifies the mandatory integrity level of the object associated with the SACL being appended.

Return Value

If the function succeeds, it returns TRUE.

If the function fails, it returns FALSE. For extended error information, call GetLastError.

Remarks

To compile an application that uses this function, define _WIN32_WINNT as 0x0600 or later. For more information, see Using the Windows Headers.

Requirements

Client Requires Windows Vista.
Server Requires Windows Server 2008.
Header

Declared in Winbase.h.
Library

Use Advapi32.lib.
DLL

Requires Advapi32.dll.

See Also

SYSTEM_MANDATORY_LABEL_ACE


Send comments about this topic to Microsoft

Build date: 7/31/2008

Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
Processing
© 2008 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker