Microsoft KB Archive/254665

INFO: REVOKE_ACCESS May Not Delete the Specified TRUSTEE

Q254665

-

The information in this article applies to:

 * Microsoft Win32 Application Programming Interface (API), included with:
   * the operating system: Microsoft Windows 2000

-

SUMMARY
The SetEntriesInAcl function allows you to modify an access control list (ACL). Depending on how grfAccessMode in the EXPLICIT_ACCESS structure is initialized, an access control entry (ACE) can be removed. However, SetEntriesInAcl may succeed without removing the ACEs that correspond to the TRUSTEE.

MORE INFORMATION
The system uses three criteria to remove an ACE: it will not remove the ACE unless the Trustee, Access Permissions, and Inheritance flags in the request are all the same as those in the ACE.

SetEntriesInAcl allows you to set the permissions for an ACE based on generic access permissions. When the security is applied to the object, the system uses the specified access permissions for the object. In this situation, if an attempt to remove an ACE is based on generic access permissions, SetEntriesInAcl will not remove the ACE because the actual ACE has permissions that are based on the specific permissions for the object, instead of the generic permissions.
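The mismatch described above, as an added example that is not part of the original article and is not Microsoft's code. It is a portable C model of the three-field comparison rather than a call into the Win32 API: `ace_t`, `map_generic`, `revoke_ace`, `demo` and the trustee names are hypothetical, the mask values are the standard winnt.h definitions for file objects, and the mapping step mirrors what MapGenericMask does.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Generic access bits and the file-object generic mapping (winnt.h values). */
#define GENERIC_READ    0x80000000u
#define GENERIC_WRITE   0x40000000u
#define GENERIC_EXECUTE 0x20000000u
#define GENERIC_ALL     0x10000000u
/* FILE_GENERIC_READ, FILE_GENERIC_WRITE, FILE_GENERIC_EXECUTE, FILE_ALL_ACCESS */
static const uint32_t FILE_MAP[4] = { 0x00120089u, 0x00120116u, 0x001200A0u, 0x001F01FFu };

/* Simplified ACE model (assumption): only the three fields the article says are compared. */
typedef struct { const char *trustee; uint32_t mask; uint8_t inherit; } ace_t;

/* Expand generic bits into object-specific rights, as MapGenericMask does. */
uint32_t map_generic(uint32_t mask) {
    if (mask & GENERIC_READ)    mask |= FILE_MAP[0];
    if (mask & GENERIC_WRITE)   mask |= FILE_MAP[1];
    if (mask & GENERIC_EXECUTE) mask |= FILE_MAP[2];
    if (mask & GENERIC_ALL)     mask |= FILE_MAP[3];
    return mask & 0x0FFFFFFFu;  /* drop the four generic bits */
}

/* Remove every ACE that equals req on trustee, permissions and inheritance.
   Returns the number removed; 0 means the call completed but changed nothing. */
size_t revoke_ace(ace_t *acl, size_t *count, ace_t req) {
    size_t kept = 0, removed = 0;
    for (size_t i = 0; i < *count; i++) {
        int same = strcmp(acl[i].trustee, req.trustee) == 0 &&
                   acl[i].mask == req.mask && acl[i].inherit == req.inherit;
        if (same) removed++; else acl[kept++] = acl[i];
    }
    *count = kept;
    return removed;
}

/* Constructed scenario: ACEs were granted with generic rights, so the object
   holds them as specific rights. Returns how many ACEs remain after the revoke. */
size_t demo(int map_first) {
    ace_t acl[2] = { { "CONTOSO\\alice", map_generic(GENERIC_READ), 0 },
                     { "CONTOSO\\bob",   map_generic(GENERIC_ALL),  0 } };
    size_t count = 2;
    ace_t req = { "CONTOSO\\alice", GENERIC_READ, 0 };      /* generic request */
    if (map_first) req.mask = map_generic(req.mask);        /* specific request */
    revoke_ace(acl, &count, req);
    return count;
}
```

In real code the equivalent safeguard is to re-read the ACL after SetEntriesInAcl returns and confirm that no ACE for the trustee remains, rather than trusting the return code alone.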
