The following table lists the three Access Control Entry Type supported by all securable objects:
| Type | Description |
|---|---|
| Access-denied ACE | Used in a Discretionary Access Control List (DACL) to deny access rights to a trustee. |
| Access-allowed ACE | Used in a Discretionary Access Control List (DACL) to allow access rights to a trustee. |
| System-audit ACE | Used in a System Access Control List (SACL) to generate an auditing record when the trustee attempts to exercise the specified access rights. |
| SYSTEM ALARM ACE | is not currently supported; but reserved for future use |