On Wed, 31 Jul 2002, ZINKEVICIUS,MATT (HP-Loveland,ex1) wrote: > > 1. If it encounters a DENY (negative) ACE that denies any of the bits > > requested, it denies access. > > Correct > > > 2. If it encounters ALLOW ACLs that allows any of the bits, > > but not all, > > it continues? Is this true. Does it accumulate permission > > bits until the > > requested bits are available and then stop? If a DENY appears > > after an ACE > > that allows some bits, but not all, presumably, it denies > > access. So order > > is very important. However, does it accumulate perms. > > It accumulates and continues as long as none of the request bits have been > denied. If there are no more ACEs and the full set of request bits have not > been allowed then permission is denied. If a previously allowed bit is > denied in a later ACE it is still allowed. That is why ACE ordering is > important.
Hmmmm, the MSDN article I looked at did not say that, but does not address that situation either. It kind of implies that any deny bit in the set requested causes a deny. Is that your experience? Do you have a simple program that demonstrates that? Regards ----- Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
