c++windowsacl

Is there a canonical way to reorder the DACL of an object after adding an ACE to it?


After adding an ACE to a file ACL, I checked the permissions on the object using Explorer. It is giving me an error about the DACL not being in canonical format and asks me if I would like it reordered. Is there any sort of documentation anywhere that provides the canonical ordering of the DACL so I don't have to rely on explorer to reorder it every time? Or (even better) an API function to do it for me?


Solution

  • If you use the SetEntriesInAcl function (as opposed to low-level functions such as AddAce) the ACL will be put in canonical order automatically.