2.4.4.16 SYSTEM_SCOPED_POLICY_ID_ACE
The SYSTEM_SCOPED_POLICY_ID_ACE structure defines an ACE for the purpose of applying a central access policy to the resource.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Header |
|||||||||||||||||||||||||||||||
|
Mask |
|||||||||||||||||||||||||||||||
|
Sid (variable) |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
Header (4 bytes): An ACE_HEADER structure that specifies the size and type of ACE. It also contains flags that control applicability and inheritance of the ACE by child objects.
Mask (4 bytes): An ACCESS_MASK that MUST be set to zero.
Sid (variable): A SID that identifies a central access policy. For a SYSTEM_SCOPED_POLICY_ID_ACE to be applicable on a resource, this SID MUST match a CAPID of a CentralAccessPolicy contained in the CentralAccessPoliciesList (as specified in [MS-GPCAP] section 3.2.1.1) of the machine on which the access evaluation will be performed.