This code sample includes a set of classes implementing several NTFS access control objects. Through these objects, like Access Control List (ACL) and Access Control Entry (ACE) and others, the OS defines access rights to files, folders (in particular) for different users and user groups.
The most familiar interface around NTFS access control objects is shown on the picture below.
An output from the code sample looks much simpler. It retrieves Security Identifiers (SID) for all accounts having allowed/denied access rights to the specified file.
The code also obtains Type, Flags and Mask values for each ACE. These values define access rights and properties like reading, writing, accessing attributes, taking ownership, inheritance and others.
* * *
As you know, VFP strings are widely used instead of pointers in many API calls. Here is an example of GetFileSecurity API function being declared and called using such string as the third parameter passed by reference.
The code returns no error and the cDescriptor contains meaningful data on exit. But under certain circumstances, the cDescriptor fails while used in subsequent API calls like, for instance, GetSecurityDescriptorDacl.
I have found it far more reliable for this particular function to be declared with pSecurityDescriptor parameter set as Integer.