There are six types of Access Control Entrys, three of which are supported by all securable objects.
The other three types are Object-specific ACEs supported by directory service objects.
All types of Access Control Entry contain the following Access Control information:
- Security Identifier (SID) that identifies the trustee to which the Access Control Entry applies.
- Access Mask - A 32-bit value that specifies the rights that are allowed or denied in an Access Control Entry. An access mask is also used to request access rights when an object is opened. specifies the access rights controlled by the Access Control Entry.
- A flag that indicates the Access Control Entry Type
- A set of bit flags that determine whether child containers or objects can inherit the ACE from the primary object to which the ACL is attached.