ACE - An entry in a discretionary access control list (DACL) or a system access control list (SACL). An access control entry (ACE) specifies the access or auditing permissions to an object in Active Directory or on a volume formatted using the NTFS file system for a particular user or group.
An ACE is part of a DACL or a SACL for an object and contains information that is used to control the access attributes of that object.
An ACE specifies two pieces of information:
An access mask specifying the possible permissions that can be assigned to the object is included with each ACE. An ACE can provide one of the following: