SECURITY_INFORMATION
The SECURITY_INFORMATION data type identifies the object-related security information being set or queried. This security information includes:
- The owner of an object
- The primary group of an object
- The discretionary access control list (DACL) of an object
- The system access control list (SACL) of an object
typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION;
Remarks
Some SECURITY_INFORMATION members work only with the SetNamedSecurityInfo function. These members are not returned in the structure returned by other security functions such as GetNamedSecurityInfo or ConvertStringSecurityDescriptorToSecurityDescriptor.
Each item of security information is designated by a bit flag. Each bit flag can be one of the following values. For more information, see the SetSecurityAccessMask and QuerySecurityAccessMask functions.
| Value | Right required to query | Right required to set | Meaning |
|---|---|---|---|
| ATTRIBUTE_SECURITY_INFORMATION | READ_CONTROL | WRITE_DAC | The resource properties of the object being referenced. The resource properties are stored in SYSTEM_RESOURCE_ATTRIBUTE_ACE types in the SACL of the security descriptor. |
| BACKUP_SECURITY_INFORMATION | READ_CONTROL and ACCESS_SYSTEM_SECURITY | WRITE_DAC and WRITE_OWNER and ACCESS_SYSTEM_SECURITY | All parts of the security descriptor. This is useful for backup and restore software that needs to preserve the entire security descriptor. |
| DACL_SECURITY_INFORMATION | READ_CONTROL | WRITE_DAC | The DACL of the object is being referenced. |
| GROUP_SECURITY_INFORMATION | READ_CONTROL | WRITE_OWNER | The primary group identifier of the object is being referenced. |
| LABEL_SECURITY_INFORMATION | READ_CONTROL | WRITE_OWNER | The mandatory integrity label is being referenced. The mandatory integrity label is an ACE in the SACL of the object. |
| OWNER_SECURITY_INFORMATION | READ_CONTROL | WRITE_OWNER | The owner identifier of the object is being referenced. |
| PROTECTED_DACL_SECURITY_INFORMATION | Not available | WRITE_DAC | The DACL cannot inherit access control entries (ACEs). |
| PROTECTED_SACL_SECURITY_INFORMATION | Not available | ACCESS_SYSTEM_SECURITY | The SACL cannot inherit ACEs. |
| SACL_SECURITY_INFORMATION | ACCESS_SYSTEM_SECURITY | ACCESS_SYSTEM_SECURITY | The SACL of the object is being referenced. |
| SCOPE_SECURITY_INFORMATION | READ_CONTROL | ACCESS_SYSTEM_SECURITY | The Central Access Policy (CAP) identifier applicable on the object that is being referenced. Each CAP identifier is stored in a SYSTEM_SCOPED_POLICY_ID_ACE type in the SACL of the SD. |
| UNPROTECTED_DACL_SECURITY_INFORMATION | Not available | WRITE_DAC | The DACL inherits ACEs from the parent object. |
| UNPROTECTED_SACL_SECURITY_INFORMATION | Not available | ACCESS_SYSTEM_SECURITY | The SACL inherits ACEs from the parent object. |
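When a handle is opened for a security query or update, the rights in the table above can be ORed together so that only the access actually needed is requested. The following is an added example, not part of the original documentation: it computes that mask from the table's rows in portable C without Windows headers. The numeric flag and right values are those defined in winnt.h; the function name `si_required_access` and the `NOT_AVAILABLE` sentinel are made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
/* Access rights, values as in winnt.h. NOT_AVAILABLE is a sentinel made up for this example. */
#define READ_CONTROL           0x00020000u
#define WRITE_DAC              0x00040000u
#define WRITE_OWNER            0x00080000u
#define ACCESS_SYSTEM_SECURITY 0x01000000u
#define NOT_AVAILABLE          0xFFFFFFFFu

/* One entry per table row: flag value (winnt.h), right to query, right to set. */
static const struct { uint32_t flag, query, set; } si_rows[] = {
    { 0x00000020u, READ_CONTROL, WRITE_DAC },                /* ATTRIBUTE_SECURITY_INFORMATION */
    { 0x00010000u, READ_CONTROL | ACCESS_SYSTEM_SECURITY,
                   WRITE_DAC | WRITE_OWNER | ACCESS_SYSTEM_SECURITY },  /* BACKUP_... */
    { 0x00000004u, READ_CONTROL, WRITE_DAC },                /* DACL_SECURITY_INFORMATION */
    { 0x00000002u, READ_CONTROL, WRITE_OWNER },              /* GROUP_SECURITY_INFORMATION */
    { 0x00000010u, READ_CONTROL, WRITE_OWNER },              /* LABEL_SECURITY_INFORMATION */
    { 0x00000001u, READ_CONTROL, WRITE_OWNER },              /* OWNER_SECURITY_INFORMATION */
    { 0x80000000u, NOT_AVAILABLE, WRITE_DAC },               /* PROTECTED_DACL_... */
    { 0x40000000u, NOT_AVAILABLE, ACCESS_SYSTEM_SECURITY },  /* PROTECTED_SACL_... */
    { 0x00000008u, ACCESS_SYSTEM_SECURITY, ACCESS_SYSTEM_SECURITY },  /* SACL_... */
    { 0x00000040u, READ_CONTROL, ACCESS_SYSTEM_SECURITY },   /* SCOPE_SECURITY_INFORMATION */
    { 0x20000000u, NOT_AVAILABLE, WRITE_DAC },               /* UNPROTECTED_DACL_... */
    { 0x10000000u, NOT_AVAILABLE, ACCESS_SYSTEM_SECURITY },  /* UNPROTECTED_SACL_... */
};

/* ORs the rights needed for every flag in si. Returns 0 on success, -1 if si
   contains a bit with no table row or, for a query, a flag that is set-only. */
int si_required_access(uint32_t si, int for_set, uint32_t *mask)
{
    uint32_t need = 0, seen = 0;
    for (size_t i = 0; i < sizeof si_rows / sizeof si_rows[0]; i++) {
        if (!(si & si_rows[i].flag)) continue;
        uint32_t r = for_set ? si_rows[i].set : si_rows[i].query;
        if (r == NOT_AVAILABLE) return -1;   /* e.g. querying PROTECTED_DACL_... */
        need |= r;
        seen |= si_rows[i].flag;
    }
    if (seen != si) return -1;               /* bit not covered by the table */
    *mask = need;
    return 0;
}

int main(void)
{
    uint32_t m = 0;
    if (si_required_access(0x00000005u, 0, &m) == 0)   /* OWNER | DACL, query */
        printf("query OWNER|DACL needs 0x%08x\n", (unsigned)m);
    return 0;
}
```

On Windows, the SetSecurityAccessMask and QuerySecurityAccessMask functions referenced above serve this purpose.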
Requirements
| Minimum supported client | Windows XP [desktop apps only] |
|---|---|
| Minimum supported server | Windows Server 2003 [desktop apps only] |
| Header | |
See also
- Access Control
- Basic Access Control Structures
- ConvertSecurityDescriptorToStringSecurityDescriptor
- ConvertStringSecurityDescriptorToSecurityDescriptor
- GetFileSecurity
- GetKernelObjectSecurity
- GetNamedSecurityInfo
- GetPrivateObjectSecurity
- GetSecurityInfo
- GetUserObjectSecurity
- QuerySecurityAccessMask
- SetFileSecurity
- SetKernelObjectSecurity
- SetNamedSecurityInfo
- SetPrivateObjectSecurity
- SetSecurityAccessMask
- SetSecurityInfo
- SetUserObjectSecurity
- TreeResetNamedSecurityInfo
- TreeSetNamedSecurityInfo
Build date: 10/26/2012