Export (0) Print
Expand All
Expand Minimize

EventAccessQuery function

Retrieves the permissions for the specified controller or provider.

Syntax


ULONG EventAccessQuery(
  _In_     LPGUID Guid,
  _Inout_  PSECURITY_DESCRIPTOR Buffer,
  _Inout_  PULONG BufferSize
);

Parameters

Guid [in]

GUID that uniquely identifies the provider or session.

Buffer [in, out]

Application-allocated buffer that will contain the security descriptor of the controller or provider.

BufferSize [in, out]

Size of the security descriptor buffer, in bytes. If the function succeeds, this parameter receives the size of the buffer used. If the buffer is too small, the function returns ERROR_MORE_DATA and this parameter receives the required buffer size. If the buffer size is zero on input, no data is returned in the buffer and this parameter receives the required buffer size.

Return value

Returns ERROR_SUCCESS if successful.

The function returns the following return code if an error occurs:

Return codeDescription
ERROR_MORE_DATA

The buffer is too small to receive the security descriptor. Reallocate the buffer using the size returned in BufferSize.

 

Remarks

If the GUID does not exist in the registry, ETW returns the default permissions for a provider or controller. For details on specifying the GUID in the registry, see EventAccessControl.

For information on accessing the components of the security descriptor, see Getting Information from an ACL, the GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, and GetAce functions, and the ACE structure.

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

Evntcons.h

Library

Advapi32.lib

DLL

Advapi32.dll

See also

EventAccessControl
EventAccessRemove

 

 

Community Additions

ADD
Show:
© 2014 Microsoft