| UID | title | description | helpviewer_keywords | old-location | tech.root | ms.assetid | ms.date | ms.keywords | req.header | req.include-header | req.target-type | req.target-min-winverclnt | req.target-min-winversvr | req.kmdf-ver | req.umdf-ver | req.ddi-compliance | req.unicode-ansi | req.idl | req.max-support | req.namespace | req.assembly | req.type-library | req.lib | req.dll | req.irql | targetos | req.typenames | req.redist | ms.custom | f1_keywords | dev_langs | topic_type | api_type | api_location | api_name | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
NF:winbase.AddConditionalAce |
AddConditionalAce function (winbase.h) |
Adds a conditional access control entry (ACE) to the specified access control list (ACL). |
|
security\addconditionalace.htm |
security |
89f038be-d15c-4c0b-8145-ba531bdf87ce |
12/05/2018 |
ACCESS_ALLOWED_CALLBACK_ACE_TYPE, ACCESS_DENIED_CALLBACK_ACE_TYPE, AddConditionalAce, AddConditionalAce function [Security], CONTAINER_INHERIT_ACE, INHERITED_ACE, INHERIT_ONLY_ACE, NO_PROPAGATE_INHERIT_ACE, OBJECT_INHERIT_ACE, SYSTEM_AUDIT_CALLBACK_ACE_TYPE, security.addconditionalace, winbase/AddConditionalAce |
winbase.h |
Windows.h |
Windows |
Windows 7 [desktop apps only] |
Windows Server 2008 R2 [desktop apps only] |
Advapi32.lib |
Advapi32.dll |
Windows |
19H1 |
|
|
|
|
|
|
The AddConditionalAce function adds a conditional access control entry (ACE) to the specified access control list (ACL). A conditional ACE specifies a logical condition that is evaluated during access checks.
A pointer to an ACL. This function adds an ACE to this ACL.
The value of this parameter cannot be NULL.
Specifies the revision level of the ACL being modified. This value can be ACL_REVISION or ACL_REVISION_DS. Use ACL_REVISION_DS if the ACL contains object-specific ACEs.
A set of bit flags that control ACE inheritance. The function sets these flags in the AceFlags member of the ACE_HEADER structure of the new ACE. This parameter can be a combination of the following values.
The type of the ACE.
This can be one of the following values.
| Value | Meaning |
|---|---|
|
Access-allowed callback ACE that uses the ACCESS_ALLOWED_CALLBACK_ACE structure. |
|
Access-denied callback ACE that uses the ACCESS_DENIED_CALLBACK_ACE structure. |
|
System audit callback ACE that uses the SYSTEM_AUDIT_CALLBACK_ACE structure. |
Specifies the mask of access rights to be granted to the specified SID.
A pointer to the SID that represents a user, group, or logon account being granted access.
A string that specifies the conditional statement to be evaluated for the ACE.
The size, in bytes, of the ACL. If the buffer specified by the pACL parameter is not of sufficient size, the value of this parameter is the required size.
If the function succeeds, it returns TRUE.
If the function fails, it returns FALSE. For extended error information, call GetLastError. The following are possible error values.
| Return code | Description |
|---|---|
|
The new ACE does not fit into the pAcl buffer. |