Access Control Entry


Access Control Entry (ACE) (Microsoft), is an entry in an Access Control List (ACL).

Access Control Entry contains a set of access rights and a Security Identifier (SID) that identifies a trustee for whom the rights are allowed, denied, or audit

There are six types of Access Control Entrys, three of which are supported by all securable objects.

The other three types are Object-specific ACEs supported by directory service objects.

All types of Access Control Entry contain the following Access Control information:

  • Security Identifier (SID) that identifies the trustee to which the Access Control Entry applies.
  • Access Mask - A 32-bit value that specifies the rights that are allowed or denied in an Access Control Entry. An access mask is also used to request access rights when an object is opened. specifies the access rights controlled by the Access Control Entry.
  • A flag that indicates the Access Control Entry Type
  • A set of bit flags that determine whether child containers or objects can inherit the ACE from the primary object to which the ACL is attached.

More Information#

There might be more information for this subject on one of the following: