Microsoft KB Archive/198529

= AceType Bit Values to Use in Creating ACLs in P&M =

Article ID: 198529

Article Last Modified on 3/21/2005


APPLIES TO


 * Microsoft Site Server 3.0 Standard Edition
 * Microsoft Active Directory Service Interfaces 2.5




This article was previously published under Q198529



SUMMARY
This article describes which values to assign to the AceType bit when programmatically accessing and manipulating the LDAP Directory Store Access Control Lists through ADSI. This article does not apply to tools such as Membership Directory Manager.

Each ACE has a field called AceType. AceType indicates the type of ACE. Possible values for the Site Server DS are as follows:

 * ADS_ACETYPE_ACCESS_ALLOWED: value of 0
 * ADS_ACETYPE_ACCESS_DENIED: value of 1
 * ADS_ACETYPE_ACCESS_ALLOWED_OBJECT: value of 5
 * ADS_ACETYPE_ACCESS_DENIED_OBJECT: value of 6

The latter two settings are used only if the ObjectType field contains a GUID.

The ObjectType field contains a GUID that refers to a class or attribute. If the GUID refers to a class, then the ADS_RIGHT_DS_READ_PROP or ADS_RIGHT_DS_WRITE_PROP access masks must be set. This corresponds to setting an ACL that allows a security principal to read or write a specific attribute, for example "grant Joe the right to read or write the 'userPassword' attribute."

If the GUID refers to an attribute, then the ADS_RIGHT_DS_CREATE_CHILD or ADS_RIGHT_DS_DELETE_CHILD access masks must be set. This corresponds to setting an ACL that allows a security principal to create or delete child objects of a specific class, for example "grant Joe the right to create or delete objects of class 'organizationalUnit' under the target object."
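The following Python check is an added example, not code from the original article or the Site Server SDK. It lints a planned ACE before it is written through ADSI, confirming that AceType, ObjectType and the access mask agree. The function name check_ace, the placeholder GUID, and the rule that flags an ACE mixing property and child rights are assumptions of this example; the access mask values are taken from ADSI's ADS_RIGHTS_ENUM.

```python
import uuid

# AceType values listed in this article.
ADS_ACETYPE_ACCESS_ALLOWED = 0
ADS_ACETYPE_ACCESS_DENIED = 1
ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = 5
ADS_ACETYPE_ACCESS_DENIED_OBJECT = 6
# Access mask bits from ADSI's ADS_RIGHTS_ENUM (values not given in this article).
ADS_RIGHT_DS_CREATE_CHILD = 0x1
ADS_RIGHT_DS_DELETE_CHILD = 0x2
ADS_RIGHT_DS_READ_PROP = 0x10
ADS_RIGHT_DS_WRITE_PROP = 0x20
PROP_RIGHTS = ADS_RIGHT_DS_READ_PROP | ADS_RIGHT_DS_WRITE_PROP
CHILD_RIGHTS = ADS_RIGHT_DS_CREATE_CHILD | ADS_RIGHT_DS_DELETE_CHILD


def check_ace(ace_type, access_mask, object_type=None):
    """Return a list of problems with one planned ACE; an empty list means consistent."""
    try:
        # uuid.UUID accepts the GUID string with or without braces.
        guid = uuid.UUID(object_type) if object_type else None
    except ValueError:
        return ["ObjectType is not a valid GUID"]
    problems = []
    if ace_type in (ADS_ACETYPE_ACCESS_ALLOWED_OBJECT, ADS_ACETYPE_ACCESS_DENIED_OBJECT):
        if guid is None:
            problems.append("AceType 5/6 requires a GUID in ObjectType")
        if not access_mask & (PROP_RIGHTS | CHILD_RIGHTS):
            problems.append("object ACE needs a READ/WRITE_PROP or CREATE/DELETE_CHILD right")
        if access_mask & PROP_RIGHTS and access_mask & CHILD_RIGHTS:
            # Lint rule of this example: one GUID cannot scope both kinds of right.
            problems.append("object ACE mixes property and child rights")
    elif ace_type in (ADS_ACETYPE_ACCESS_ALLOWED, ADS_ACETYPE_ACCESS_DENIED):
        if guid is not None:
            problems.append("ObjectType GUID set with AceType 0/1; a GUID-scoped ACE uses 5 or 6")
    else:
        problems.append("AceType %r is not one of 0, 1, 5, 6" % (ace_type,))
    return problems


# Constructed sample ACEs: (AceType, AccessMask, ObjectType). The GUID is a placeholder.
SAMPLE_GUID = "{00000000-0000-0000-0000-000000000001}"
SAMPLES = [
    (ADS_ACETYPE_ACCESS_ALLOWED_OBJECT, PROP_RIGHTS, SAMPLE_GUID),
    (ADS_ACETYPE_ACCESS_ALLOWED, PROP_RIGHTS, SAMPLE_GUID),
    (ADS_ACETYPE_ACCESS_DENIED_OBJECT, ADS_RIGHT_DS_CREATE_CHILD, None),
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, check_ace(*sample) or "ok")
```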

For more information regarding the AceType setting, see the Microsoft Site Server 3.0 SDK. The SDK contains a script that documents the different parameters and flags for ACEs and ACLs. This is the same standard used by ADSI.

Keywords: kbinfo kbnofix KB198529


© Microsoft Corporation. All rights reserved.