UID	NS:winnt._ACE_HEADER
title	ACE_HEADER (winnt.h)
description	Defines the type and size of an access control entry (ACE).
helpviewer_keywords	*PACE_HEADER ACCESS_ALLOWED_ACE_TYPE ACCESS_ALLOWED_CALLBACK_ACE_TYPE ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE ACCESS_ALLOWED_COMPOUND_ACE_TYPE ACCESS_ALLOWED_OBJECT_ACE_TYPE ACCESS_DENIED_ACE_TYPE ACCESS_DENIED_CALLBACK_ACE_TYPE ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE ACCESS_DENIED_OBJECT_ACE_TYPE ACCESS_MAX_MS_ACE_TYPE ACCESS_MAX_MS_OBJECT_ACE_TYPE ACCESS_MAX_MS_V2_ACE_TYPE ACCESS_MAX_MS_V3_ACE_TYPE ACCESS_MAX_MS_V4_ACE_TYPE ACCESS_MIN_MS_ACE_TYPE ACCESS_MIN_MS_OBJECT_ACE_TYPE ACE_HEADER ACE_HEADER structure [Security] CONTAINER_INHERIT_ACE FAILED_ACCESS_ACE_FLAG INHERITED_ACE INHERIT_ONLY_ACE NO_PROPAGATE_INHERIT_ACE OBJECT_INHERIT_ACE PACE_HEADER PACE_HEADER structure pointer [Security] SUCCESSFUL_ACCESS_ACE_FLAG SYSTEM_ALARM_ACE_TYPE SYSTEM_ALARM_CALLBACK_ACE_TYPE SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE SYSTEM_ALARM_OBJECT_ACE_TYPE SYSTEM_AUDIT_ACE_TYPE SYSTEM_AUDIT_CALLBACK_ACE_TYPE SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE SYSTEM_AUDIT_OBJECT_ACE_TYPE SYSTEM_MANDATORY_LABEL_ACE_TYPE _ACE_HEADER _win32_ace_header_str security.ace_header winnt/ACE_HEADER winnt/PACE_HEADER
old-location	security\ace_header.htm
tech.root	security
ms.assetid	d23f15d6-0453-4aaf-a2db-7528b551a992
ms.date	12/05/2018
ms.keywords	*PACE_HEADER, ACCESS_ALLOWED_ACE_TYPE, ACCESS_ALLOWED_CALLBACK_ACE_TYPE, ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE, ACCESS_ALLOWED_COMPOUND_ACE_TYPE, ACCESS_ALLOWED_OBJECT_ACE_TYPE, ACCESS_DENIED_ACE_TYPE, ACCESS_DENIED_CALLBACK_ACE_TYPE, ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE, ACCESS_DENIED_OBJECT_ACE_TYPE, ACCESS_MAX_MS_ACE_TYPE, ACCESS_MAX_MS_OBJECT_ACE_TYPE, ACCESS_MAX_MS_V2_ACE_TYPE, ACCESS_MAX_MS_V3_ACE_TYPE, ACCESS_MAX_MS_V4_ACE_TYPE, ACCESS_MIN_MS_ACE_TYPE, ACCESS_MIN_MS_OBJECT_ACE_TYPE, ACE_HEADER, ACE_HEADER structure [Security], CONTAINER_INHERIT_ACE, FAILED_ACCESS_ACE_FLAG, INHERITED_ACE, INHERIT_ONLY_ACE, NO_PROPAGATE_INHERIT_ACE, OBJECT_INHERIT_ACE, PACE_HEADER, PACE_HEADER structure pointer [Security], SUCCESSFUL_ACCESS_ACE_FLAG, SYSTEM_ALARM_ACE_TYPE, SYSTEM_ALARM_CALLBACK_ACE_TYPE, SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE, SYSTEM_ALARM_OBJECT_ACE_TYPE, SYSTEM_AUDIT_ACE_TYPE, SYSTEM_AUDIT_CALLBACK_ACE_TYPE, SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE, SYSTEM_AUDIT_OBJECT_ACE_TYPE, SYSTEM_MANDATORY_LABEL_ACE_TYPE, _ACE_HEADER, _win32_ace_header_str, security.ace_header, winnt/ACE_HEADER, winnt/PACE_HEADER
req.header	winnt.h
req.include-header	Windows.h
req.target-type	Windows
req.target-min-winverclnt	Windows XP [desktop apps only]
req.target-min-winversvr	Windows Server 2003 [desktop apps only]
req.kmdf-ver
req.umdf-ver
req.ddi-compliance
req.unicode-ansi
req.idl
req.max-support
req.namespace
req.assembly
req.type-library
req.lib
req.dll
req.irql
targetos	Windows
req.typenames	ACE_HEADER
req.redist
ms.custom	19H1
f1_keywords	_ACE_HEADER winnt/_ACE_HEADER ACE_HEADER winnt/ACE_HEADER
dev_langs	c++
topic_type	APIRef kbSyntax
api_type	HeaderDef
api_location	Winnt.h
api_name	ACE_HEADER

ACE_HEADER structure

-description

The ACE_HEADER structure defines the type and size of an access control entry (ACE).

-struct-fields

-field AceType

Specifies the ACE type. This member can be one of the following values.

Value	Meaning
ACCESS_ALLOWED_ACE_TYPE	Access-allowed ACE that uses the ACCESS_ALLOWED_ACE structure.
ACCESS_ALLOWED_CALLBACK_ACE_TYPE	Access-allowed callback ACE that uses the ACCESS_ALLOWED_CALLBACK_ACE structure.
ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE	Object-specific access-allowed callback ACE that uses the ACCESS_ALLOWED_CALLBACK_OBJECT_ACE structure.
ACCESS_ALLOWED_COMPOUND_ACE_TYPE	Reserved.
ACCESS_ALLOWED_OBJECT_ACE_TYPE	Object-specific access-allowed ACE that uses the ACCESS_ALLOWED_OBJECT_ACE structure.
ACCESS_DENIED_ACE_TYPE	Access-denied ACE that uses the ACCESS_DENIED_ACE structure.
ACCESS_DENIED_CALLBACK_ACE_TYPE	Access-denied callback ACE that uses the ACCESS_DENIED_CALLBACK_ACE structure.
ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE	Object-specific access-denied callback ACE that uses the ACCESS_DENIED_CALLBACK_OBJECT_ACE structure.
ACCESS_DENIED_OBJECT_ACE_TYPE	Object-specific access-denied ACE that uses the ACCESS_DENIED_OBJECT_ACE structure.
ACCESS_MAX_MS_ACE_TYPE	Same as SYSTEM_ALARM_OBJECT_ACE_TYPE.
ACCESS_MAX_MS_V2_ACE_TYPE	Same as SYSTEM_ALARM_ACE_TYPE.
ACCESS_MAX_MS_V3_ACE_TYPE	Reserved.
ACCESS_MAX_MS_V4_ACE_TYPE	Same as SYSTEM_ALARM_OBJECT_ACE_TYPE.
ACCESS_MAX_MS_OBJECT_ACE_TYPE	Same as SYSTEM_ALARM_OBJECT_ACE_TYPE.
ACCESS_MIN_MS_ACE_TYPE	Same as ACCESS_ALLOWED_ACE_TYPE.
ACCESS_MIN_MS_OBJECT_ACE_TYPE	Same as ACCESS_ALLOWED_OBJECT_ACE_TYPE.
SYSTEM_ALARM_ACE_TYPE	Reserved for future use. System-alarm ACE that uses the SYSTEM_ALARM_ACE structure.
SYSTEM_ALARM_CALLBACK_ACE_TYPE	Reserved for future use. System-alarm callback ACE that uses the SYSTEM_ALARM_CALLBACK_ACE structure.
SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE	Reserved for future use. Object-specific system-alarm callback ACE that uses the SYSTEM_ALARM_CALLBACK_OBJECT_ACE structure.
SYSTEM_ALARM_OBJECT_ACE_TYPE	Reserved for future use. Object-specific system-alarm ACE that uses the SYSTEM_ALARM_OBJECT_ACE structure.
SYSTEM_AUDIT_ACE_TYPE	System-audit ACE that uses the SYSTEM_AUDIT_ACE structure.
SYSTEM_AUDIT_CALLBACK_ACE_TYPE	System-audit callback ACE that uses the SYSTEM_AUDIT_CALLBACK_ACE structure.
SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE	Object-specific system-audit callback ACE that uses the SYSTEM_AUDIT_CALLBACK_OBJECT_ACE structure.
SYSTEM_AUDIT_OBJECT_ACE_TYPE	Object-specific system-audit ACE that uses the SYSTEM_AUDIT_OBJECT_ACE structure.
SYSTEM_MANDATORY_LABEL_ACE_TYPE 0x11	Mandatory label ACE that uses the SYSTEM_MANDATORY_LABEL_ACE structure.

-field AceFlags

Specifies a set of ACE type-specific control flags. This member can be a combination of the following values.

Value	Meaning
CONTAINER_INHERIT_ACE	Child objects that are containers, such as directories, inherit the ACE as an effective ACE. The inherited ACE is inheritable unless the NO_PROPAGATE_INHERIT_ACE bit flag is also set.
FAILED_ACCESS_ACE_FLAG	Used with system-audit ACEs in a system access control list (SACL) to generate audit messages for failed access attempts.
INHERIT_ONLY_ACE	Indicates an inherit-only ACE, which does not control access to the object to which it is attached. If this flag is not set, the ACE is an effective ACE which controls access to the object to which it is attached. Both effective and inherit-only ACEs can be inherited depending on the state of the other inheritance flags.
INHERITED_ACE	Indicates that the ACE was inherited. The system sets this bit when it propagates an inherited ACE to a child object.
NO_PROPAGATE_INHERIT_ACE	If the ACE is inherited by a child object, the system clears the OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags in the inherited ACE. This prevents the ACE from being inherited by subsequent generations of objects.
OBJECT_INHERIT_ACE	Noncontainer child objects inherit the ACE as an effective ACE. For child objects that are containers, the ACE is inherited as an inherit-only ACE unless the NO_PROPAGATE_INHERIT_ACE bit flag is also set.
SUCCESSFUL_ACCESS_ACE_FLAG	Used with system-audit ACEs in a SACL to generate audit messages for successful access attempts.

-field AceSize

Specifies the size, in bytes, of the ACE.

-remarks

The ACE_HEADER structure is the first member of the various types of ACE structures, such as ACCESS_ALLOWED_ACE.

System-alarm ACEs are not currently supported. The AceType member cannot specify the SYSTEM_ALARM_ACE_TYPE or SYSTEM_ALARM_OBJECT_ACE_TYPE values. Do not use the SYSTEM_ALARM_ACE or SYSTEM_ALARM_OBJECT_ACE structures.

-see-also

ACCESS_ALLOWED_ACE

ACCESS_ALLOWED_OBJECT_ACE

ACCESS_DENIED_ACE

ACCESS_DENIED_OBJECT_ACE

ACL

SYSTEM_AUDIT_ACE

SYSTEM_AUDIT_OBJECT_ACE