private AccessMask GetDesiredAccess()
        {
            NtType type = GetNtType();

            if (RawAccess.HasValue)
            {
                return(type.MapGenericRights(RawAccess.Value));
            }

            if (!_dict.GetValue("Access", out Enum access))
            {
                return(GenericAccessRights.MaximumAllowed);
            }

            return(type.MapGenericRights(access));
        }
        /// <summary>
        /// Process Record.
        /// </summary>
        protected override void ProcessRecord()
        {
            if (!_dict.GetValue("Access", out Enum access))
            {
                if (!RawAccess.HasValue && RequiresAccess(Type))
                {
                    throw new ArgumentException("Invalid access value.");
                }
                else
                {
                    access = GenericAccessRights.None;
                }
            }

            _dict.GetValue("Condition", out string condition);
            _dict.GetValue("ObjectType", out Guid? object_type);
            _dict.GetValue("InheritedObjectType", out Guid? inherited_object_type);
            _dict.GetValue("ServerSid", out Sid server_sid);
            _dict.GetValue("SecurityAttribute", out ClaimSecurityAttribute security_attribute);

            Acl acl;

            if (NtSecurity.IsSystemAceType(Type))
            {
                if (SecurityDescriptor.Sacl == null)
                {
                    SecurityDescriptor.Sacl = new Acl();
                }
                acl = SecurityDescriptor.Sacl;
            }
            else
            {
                if (SecurityDescriptor.Dacl == null)
                {
                    SecurityDescriptor.Dacl = new Acl();
                }
                acl = SecurityDescriptor.Dacl;
            }

            AccessMask mask = access;

            if (RawAccess.HasValue)
            {
                mask |= RawAccess.Value;
            }

            if (MapGeneric)
            {
                NtType type = SecurityDescriptor.NtType;
                if (type == null)
                {
                    WriteWarning("No NtType specified in security descriptor. Defaulting to File.");
                    type = NtType.GetTypeByType <NtFile>();
                }
                mask = type.MapGenericRights(mask);
            }

            Ace ace = new Ace(Type, Flags, mask, GetSid());

            if ((NtSecurity.IsCallbackAceType(Type) || Type == AceType.AccessFilter) && !string.IsNullOrWhiteSpace(condition))
            {
                ace.Condition = condition;
            }
            if (NtSecurity.IsObjectAceType(Type))
            {
                ace.ObjectType          = object_type;
                ace.InheritedObjectType = inherited_object_type;
            }
            if (Type == AceType.AllowedCompound)
            {
                ace.ServerSid = server_sid;
            }
            if (Type == AceType.ResourceAttribute)
            {
                ace.ResourceAttribute = security_attribute;
            }

            acl.Add(ace);
            if (PassThru)
            {
                WriteObject(ace);
            }
        }