API Reference
AclAceAssessment
Standardized assessment for a single ACE (allow/deny, operation kind, write flags, identity info).
Inheritance
- Object
- AclAceAssessment
Constructors
public AclAceAssessment() #Methods
Inherited Methods
Properties
public String DomainName { get; set; } #DNS domain name used to resolve schema and names.
public String DisplayName { get; set; } #Best‑effort friendly name for the trustee.
public IdentityType IdentityType { get; set; } #Resolved identity type (User/Group/Computer/Unknown).
public Boolean IsInherited { get; set; } #True when the ACE is inherited from a parent container.
public AccessControlType Type { get; set; } #Allow or Deny.
public ActiveDirectoryRights Rights { get; set; } #Raw ActiveDirectoryRights bitmask from the ACE.
public Nullable<Guid> ObjectTypeGuid { get; set; } #When present, objectType GUID (attribute/extended right) targeted by the ACE.
public String ObjectTypeName { get; set; } #Friendly display name for ObjectTypeGuid when resolvable.
public AclOperationKind OperationKind { get; set; } #Derived coarse operation: Read, Write, ModifyDacl, ModifyOwner, CreateOrDeleteChild, Delete, ApplyGroupPolicy, Unknown.
public Boolean HasWrite { get; set; } #True if the ACE conveys any write/control capability (excludes Apply‑only).
public Boolean IsApplyGroupPolicy { get; set; } #True if the ACE grants the Apply Group Policy extended right.
public Boolean IsPrivileged { get; set; } #True if the trustee is a privileged/builtin identity (e.g., Domain Admins, BUILTIN\Administrators).
public Boolean IsCreatorOwner { get; set; } #True if the trustee SID is CREATOR OWNER (S-1-3-0).
public String WriteRightsDisplay { get; set; } #Display‑friendly subset of write bits for UI (excludes read/extended rights).
public AclRiskLevel RiskLevel { get; set; } #Risk level of this ACE based on rights and extended-right context.
public String RiskReason { get; set; } #Short explanation for the risk level.