ACE (jCIFS NG 2.1.3 API)

All Known Implementing Classes:

ACE
```
public interface ACE
```
An Access Control Entry (ACE) is an element in a security descriptor such as those associated with files and directories. The Windows OS determines which users have the necessary permissions to access objects based on these entries.
To fully understand the information exposed by this class a description of the access check algorithm used by Windows is required. The following is a basic description of the algorithm. For a more complete description we recommend reading the section on Access Control in Keith Brown's "The .NET Developer's Guide to Windows Security" (which is also available online).
Direct ACEs are evaluated first in order. The SID of the user performing the operation and the desired access bits are compared to the SID and access mask of each ACE. If the SID matches, the allow/deny flags and access mask are considered. If the ACE is a "deny" ACE and any of the desired access bits match bits in the access mask of the ACE, the whole access check fails. If the ACE is an "allow" ACE and all of the bits in the desired access bits match bits in the access mask of the ACE, the access check is successful. Otherwise, more ACEs are evaluated until all desired access bits (combined) are "allowed". If all of the desired access bits are not "allowed" the then same process is repeated for inherited ACEs.
For example, if user WNET\alice tries to open a file with desired access bits 0x00000003 (FILE_READ_DATA | FILE_WRITE_DATA) and the target file has the following security descriptor ACEs:
```
 Allow WNET\alice     0x001200A9  Direct
 Allow Administrators 0x001F01FF  Inherited
 Allow SYSTEM         0x001F01FF  Inherited
 
```
the access check would fail because the direct ACE has an access mask of 0x001200A9 which doesn't have the FILE_WRITE_DATA bit on (bit 0x00000002). Actually, this isn't quite correct. If WNET\alice is in the local Administrators group the access check will succeed because the inherited ACE allows local Administrators both FILE_READ_DATA and FILE_WRITE_DATA access.

Field Summary

Fields
Modifier and Type	Field and Description
`static int`	`DELETE`
`static int`	`FILE_APPEND_DATA`
`static int`	`FILE_DELETE`
`static int`	`FILE_EXECUTE`
`static int`	`FILE_READ_ATTRIBUTES`
`static int`	`FILE_READ_DATA`
`static int`	`FILE_READ_EA`
`static int`	`FILE_WRITE_ATTRIBUTES`
`static int`	`FILE_WRITE_DATA`
`static int`	`FILE_WRITE_EA`
`static int`	`FLAGS_CONTAINER_INHERIT`
`static int`	`FLAGS_INHERIT_ONLY`
`static int`	`FLAGS_INHERITED`
`static int`	`FLAGS_NO_PROPAGATE`
`static int`	`FLAGS_OBJECT_INHERIT`
`static int`	`GENERIC_ALL`
`static int`	`GENERIC_EXECUTE`
`static int`	`GENERIC_READ`
`static int`	`GENERIC_WRITE`
`static int`	`READ_CONTROL`
`static int`	`SYNCHRONIZE`
`static int`	`WRITE_DAC`
`static int`	`WRITE_OWNER`

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`int`	`getAccessMask()` Returns the access mask associated with this ACE.
`String`	`getApplyToText()` Returns the 'Apply To' text for inheritance of ACEs on directories such as 'This folder, subfolder and files'.
`int`	`getFlags()` Returns the flags for this ACE.
`SID`	`getSID()` Return the SID associated with this ACE.
`boolean`	`isAllow()` Returns true if this ACE is an allow ACE and false if it is a deny ACE.
`boolean`	`isInherited()` Returns true if this ACE is an inherited ACE and false if it is a direct ACE.

- Field Detail
  - FILE_READ_DATA
```
static final int FILE_READ_DATA
```
    See Also:
    
    Constant Field Values
  - FILE_WRITE_DATA
```
static final int FILE_WRITE_DATA
```
    See Also:
    
    Constant Field Values
  - FILE_APPEND_DATA
```
static final int FILE_APPEND_DATA
```
    See Also:
    
    Constant Field Values
  - FILE_READ_EA
```
static final int FILE_READ_EA
```
    See Also:
    
    Constant Field Values
  - FILE_WRITE_EA
```
static final int FILE_WRITE_EA
```
    See Also:
    
    Constant Field Values
  - FILE_EXECUTE
```
static final int FILE_EXECUTE
```
    See Also:
    
    Constant Field Values
  - FILE_DELETE
```
static final int FILE_DELETE
```
    See Also:
    
    Constant Field Values
  - FILE_READ_ATTRIBUTES
```
static final int FILE_READ_ATTRIBUTES
```
    See Also:
    
    Constant Field Values
  - FILE_WRITE_ATTRIBUTES
```
static final int FILE_WRITE_ATTRIBUTES
```
    See Also:
    
    Constant Field Values
  - DELETE
```
static final int DELETE
```
    See Also:
    
    Constant Field Values
  - READ_CONTROL
```
static final int READ_CONTROL
```
    See Also:
    
    Constant Field Values
  - WRITE_DAC
```
static final int WRITE_DAC
```
    See Also:
    
    Constant Field Values
  - WRITE_OWNER
```
static final int WRITE_OWNER
```
    See Also:
    
    Constant Field Values
  - SYNCHRONIZE
```
static final int SYNCHRONIZE
```
    See Also:
    
    Constant Field Values
  - GENERIC_ALL
```
static final int GENERIC_ALL
```
    See Also:
    
    Constant Field Values
  - GENERIC_EXECUTE
```
static final int GENERIC_EXECUTE
```
    See Also:
    
    Constant Field Values
  - GENERIC_WRITE
```
static final int GENERIC_WRITE
```
    See Also:
    
    Constant Field Values
  - GENERIC_READ
```
static final int GENERIC_READ
```
    See Also:
    
    Constant Field Values
  - FLAGS_OBJECT_INHERIT
```
static final int FLAGS_OBJECT_INHERIT
```
    See Also:
    
    Constant Field Values
  - FLAGS_CONTAINER_INHERIT
```
static final int FLAGS_CONTAINER_INHERIT
```
    See Also:
    
    Constant Field Values
  - FLAGS_NO_PROPAGATE
```
static final int FLAGS_NO_PROPAGATE
```
    See Also:
    
    Constant Field Values
  - FLAGS_INHERIT_ONLY
```
static final int FLAGS_INHERIT_ONLY
```
    See Also:
    
    Constant Field Values
  - FLAGS_INHERITED
```
static final int FLAGS_INHERITED
```
    See Also:
    
    Constant Field Values
- Method Detail
  - getSID
```
SID getSID()
```
    Return the SID associated with this ACE.
    
    Returns:
    
    ACE target SID
  - getAccessMask
```
int getAccessMask()
```
    Returns the access mask associated with this ACE. Use the constants for FILE_READ_DATA, FILE_WRITE_DATA, READ_CONTROL, GENERIC_ALL, etc with bitwise operators to determine which bits of the mask are on or off.
    
    Returns:
    
    the access mask
  - getApplyToText
```
String getApplyToText()
```
    Returns the 'Apply To' text for inheritance of ACEs on directories such as 'This folder, subfolder and files'. For files the text is always 'This object only'.
    
    Returns:
    
    descriptive text for the ACE scope
  - getFlags
```
int getFlags()
```
    Returns the flags for this ACE. The isInherited() method checks the FLAGS_INHERITED bit in these flags.
    
    Returns:
    
    the ACE flags
  - isInherited
```
boolean isInherited()
```
    Returns true if this ACE is an inherited ACE and false if it is a direct ACE.
    Note: For reasons not fully understood, FLAGS_INHERITED may not be set within all security descriptors even though the ACE was in face inherited. If an inherited ACE is added to a parent the Windows ACL editor will rebuild all children ACEs and set this flag accordingly.
    
    Returns:
    
    whether this is an inherited ACE
  - isAllow
```
boolean isAllow()
```
    Returns true if this ACE is an allow ACE and false if it is a deny ACE.
    
    Returns:
    
    whether this in an allow ACE

Interface ACE

Field Summary

Method Summary

Field Detail

FILE_READ_DATA

FILE_WRITE_DATA

FILE_APPEND_DATA

FILE_READ_EA

FILE_WRITE_EA

FILE_EXECUTE

FILE_DELETE

FILE_READ_ATTRIBUTES

FILE_WRITE_ATTRIBUTES

DELETE

READ_CONTROL

WRITE_DAC

WRITE_OWNER

SYNCHRONIZE

GENERIC_ALL

GENERIC_EXECUTE

GENERIC_WRITE

GENERIC_READ

FLAGS_OBJECT_INHERIT

FLAGS_CONTAINER_INHERIT

FLAGS_NO_PROPAGATE

FLAGS_INHERIT_ONLY

FLAGS_INHERITED

Method Detail

getSID

getAccessMask

getApplyToText

getFlags

isInherited

isAllow