Creates a new ACL entry with the given characteristics, and adds it to an access instance.


OSStatus SecACLCreateWithSimpleContents(SecAccessRef access, CFArrayRef applicationList, CFStringRef description, SecKeychainPromptSelector promptSelector, SecACLRef _Nullable *newAcl);

Parameters

access

The access instance to which to add the information.

applicationList

An array of SecTrustedApplicationRef instances identifying apps that are allowed access to the keychain item without user confirmation.

Set this parameter to nil to indicate that any app can use this item. Pass an empty array to indicate that there are no trusted apps.

description

The human-readable name used to refer to this item when the user is prompted.

promptSelector

A set of prompt selector flags. See SecKeychainPromptSelector for possible values.

newAcl

A pointer the method uses to return the new SecACLRef instance.

Return Value


The ACL entry returned by this method includes a list of trusted apps, the name of the keychain item as it appears in user prompts, the prompt selector flag, and a list of one or more operations to which this ACL entry applies. By default, a new ACL entry applies to all operations. Use the SecACLUpdateAuthorizations method to set the list of operations for an ACL entry.

The system requires exactly one owner ACL entry in each access instance. The SecACLCreateWithSimpleContents method fails if you attempt to add a second owner entry. To change owner access controls, use the SecAccessCopyMatchingACLList function to find the owner entry (the only one with an authorization tag of kSecACLAuthorizationChangeACL) and the SecACLSetContents method to change it as needed.
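The following Objective-C program is an added example, not Apple's sample code. It adds an entry with an empty applicationList (no trusted apps), narrows it to the decrypt operation with SecACLUpdateAuthorizations, then lists the owner and decrypt entries for review. The helper name CreateDecryptRestrictedAccess and the item label are hypothetical; SecAccessCreate, kSecACLAuthorizationDecrypt and kSecKeychainPromptRequirePassphase are Security framework names that do not appear in the text above.

```objective-c
// Added example, not Apple sample code. Build on macOS:
//   clang -fobjc-arc example.m -framework Foundation -framework Security
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper: returns a retained access instance, or NULL on failure.
static SecAccessRef CreateDecryptRestrictedAccess(NSString *label, OSStatus *outStatus) {
    SecAccessRef access = NULL;
    SecACLRef acl = NULL;
    // A fresh access instance already has its owner entry, so none is added here.
    OSStatus status = SecAccessCreate((__bridge CFStringRef)label, NULL, &access);
    if (status == errSecSuccess) {
        // Empty array = no trusted apps. Passing nil instead would let any app
        // use the item. "Passphase" is the spelling used in Apple's header.
        status = SecACLCreateWithSimpleContents(access, (__bridge CFArrayRef)@[],
            (__bridge CFStringRef)label, kSecKeychainPromptRequirePassphase, &acl);
    }
    if (status == errSecSuccess) {
        // A new entry applies to all operations by default; limit it to decrypt.
        NSArray *ops = @[(__bridge id)kSecACLAuthorizationDecrypt];
        status = SecACLUpdateAuthorizations(acl, (__bridge CFArrayRef)ops);
    }
    if (acl) CFRelease(acl);
    if (status != errSecSuccess && access) { CFRelease(access); access = NULL; }
    if (outStatus) *outStatus = status;
    return access;
}

int main(void) {
    @autoreleasepool {
        OSStatus status = errSecSuccess;
        SecAccessRef access = CreateDecryptRestrictedAccess(@"Example API token", &status);
        if (!access) {
            NSString *msg = CFBridgingRelease(SecCopyErrorMessageString(status, NULL));
            NSLog(@"ACL setup failed: %@ (%d)", msg, (int)status);
            return 1;
        }
        // Review step: list the owner entry and every entry that covers decrypt.
        NSArray *owner = CFBridgingRelease(
            SecAccessCopyMatchingACLList(access, kSecACLAuthorizationChangeACL));
        NSArray *decrypt = CFBridgingRelease(
            SecAccessCopyMatchingACLList(access, kSecACLAuthorizationDecrypt));
        NSLog(@"owner entries: %lu, decrypt entries: %lu",
              (unsigned long)owner.count, (unsigned long)decrypt.count);
        CFRelease(access);
    }
    return 0;
}
```

The access instance is only built in memory here; nothing is written to a keychain until it is attached to an item.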
