
Authorization Structures

The following structures are used with authorization applications.

In this section

Topic / Description

ACCESS_ALLOWED_ACE

Defines an access control entry (ACE) for the discretionary access control list (DACL) that controls access to an object. An access-allowed ACE allows access to an object for a specific trustee identified by a security identifier (SID).

ACCESS_ALLOWED_CALLBACK_ACE

The ACCESS_ALLOWED_CALLBACK_ACE structure defines an access control entry for the discretionary access control list that controls access to an object.

ACCESS_ALLOWED_CALLBACK_OBJECT_ACE

Defines an access control entry (ACE) that controls allowed access to an object, property set, or property.

ACCESS_ALLOWED_OBJECT_ACE

Defines an access control entry (ACE) that controls allowed access to an object, a property set, or property.

ACCESS_DENIED_ACE

Defines an access control entry (ACE) for the discretionary access control list (DACL) that controls access to an object. An access-denied ACE denies access to an object for a specific trustee identified by a security identifier (SID).

ACCESS_DENIED_CALLBACK_ACE

The ACCESS_DENIED_CALLBACK_ACE structure defines an access control entry for the discretionary access control list that controls access to an object.

ACCESS_DENIED_CALLBACK_OBJECT_ACE

The ACCESS_DENIED_CALLBACK_OBJECT_ACE structure defines an access control entry that controls denied access to an object, a property set, or property.

ACCESS_DENIED_OBJECT_ACE

Defines an access control entry (ACE) that controls denied access to an object, a property set, or property.

ACE

Lists the currently defined ACE types.

ACE_HEADER

Defines the type and size of an access control entry (ACE).

ACL

Header of an access control list (ACL).

ACL_REVISION_INFORMATION

Contains revision information about an ACL structure.

ACL_SIZE_INFORMATION

Contains information about the size of an ACL structure.

AUDIT_POLICY_INFORMATION

Specifies a security event type and when to audit that type.

AUTHZ_ACCESS_REPLY

Defines an access check reply.

AUTHZ_ACCESS_REQUEST

Defines an access check request.

AUTHZ_INIT_INFO

Defines the initialization information for the resource manager.

AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET

Specifies the offset of a registration object type name.

AUTHZ_RPC_INIT_INFO_CLIENT

Initializes a remote resource manager for a client.

AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE

Specifies a fully qualified binary name value associated with a security attribute.

AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE

Specifies an octet string value for a security attribute.

AUTHZ_SECURITY_ATTRIBUTE_V1

Defines a security attribute that can be associated with an authorization context.

AUTHZ_SECURITY_ATTRIBUTES_INFORMATION

Specifies one or more security attributes and values.

AUTHZ_SOURCE_SCHEMA_REGISTRATION

Specifies information about source schema registration.

CLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE

Specifies the fully qualified binary name.

CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE

Specifies the OCTET_STRING value type of the claim security attribute.

CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1

Defines a resource attribute that is defined in continuous memory for persistence within a serialized security descriptor.

CLAIM_SECURITY_ATTRIBUTE_V1

Defines a security attribute that can be associated with a token or authorization context.

CLAIM_SECURITY_ATTRIBUTES_INFORMATION

Defines the security attributes for the claim.

EFFPERM_RESULT_LIST

Lists the effective permissions.

EXPLICIT_ACCESS

Defines access control information for a specified trustee.

GENERIC_MAPPING

Defines the mapping of generic access rights to specific and standard access rights for an object.

INHERITED_FROM

Provides information about an object's inherited access control entry (ACE).

LUID

64-bit value guaranteed to be unique only on the system on which it was generated.

LUID_AND_ATTRIBUTES

Represents a locally unique identifier (LUID) and its attributes.

OBJECT_TYPE_LIST

Identifies an object type element in a hierarchy of object types.

OBJECTS_AND_NAME

Contains a string that identifies a trustee by name and additional strings that identify the object types of an object-specific access control entry (ACE).

OBJECTS_AND_SID

Contains a security identifier (SID) that identifies a trustee and GUIDs that identify the object types of an object-specific access control entry (ACE).

POLICY_AUDIT_SID_ARRAY

Specifies an array of SID structures that represent Windows users or groups.

PRIVILEGE_SET

Specifies a set of privileges.

SECURITY_ATTRIBUTES

The SECURITY_ATTRIBUTES security structure contains the security descriptor for an object and specifies whether the handle retrieved by specifying this structure is inheritable.

SECURITY_CAPABILITIES

Defines the security capabilities of the app container.

SECURITY_DESCRIPTOR

Contains the security information associated with an object.

SECURITY_OBJECT

Contains the security object information.

SECURITY_QUALITY_OF_SERVICE

Contains information used to support client impersonation.

SI_ACCESS

Contains information about an access right or default access mask for a securable object.

SI_INHERIT_TYPE

Contains information about how access control entries (ACEs) can be inherited by child objects.

SI_OBJECT_INFO

Used to initialize the access control editor.

SID

Used to uniquely identify users or groups.

SID_AND_ATTRIBUTES

Represents a security identifier (SID) and its attributes.

SID_AND_ATTRIBUTES_HASH

Specifies hash values for the specified array of security identifiers (SIDs).

SID_IDENTIFIER_AUTHORITY

Represents the top-level authority of a security identifier (SID).

SID_INFO

Contains the list of common names corresponding to the SID structures returned by ISecurityInformation2::LookupSids.

SID_INFO_LIST

Contains a list of SID_INFO structures.

SYSTEM_ALARM_ACE

The SYSTEM_ALARM_ACE structure is reserved for future use.

SYSTEM_ALARM_CALLBACK_ACE

The SYSTEM_ALARM_CALLBACK_ACE structure is reserved for future use.

SYSTEM_ALARM_CALLBACK_OBJECT_ACE

The SYSTEM_ALARM_CALLBACK_OBJECT_ACE structure is reserved for future use.

SYSTEM_ALARM_OBJECT_ACE

The SYSTEM_ALARM_OBJECT_ACE structure is reserved for future use.

SYSTEM_AUDIT_ACE

Defines an access control entry (ACE) for the system access control list (SACL) that specifies what types of access cause system-level notifications.

SYSTEM_AUDIT_CALLBACK_ACE

The SYSTEM_AUDIT_CALLBACK_ACE structure defines an access control entry for the system access control list that specifies what types of access cause system-level notifications.

SYSTEM_AUDIT_CALLBACK_OBJECT_ACE

The SYSTEM_AUDIT_CALLBACK_OBJECT_ACE structure defines an access control entry for a system access control list.

SYSTEM_AUDIT_OBJECT_ACE

Defines an access control entry (ACE) for a system access control list (SACL).

SYSTEM_MANDATORY_LABEL_ACE

Defines an access control entry (ACE) for the system access control list (SACL) that specifies the mandatory access level and policy for a securable object.

SYSTEM_RESOURCE_ATTRIBUTE_ACE

Defines an access control entry (ACE) for the system access control list (SACL) that specifies the system resource attributes for a securable object.

SYSTEM_SCOPED_POLICY_ID_ACE

Defines an access control entry (ACE) for the system access control list (SACL) that specifies the scoped policy identifier for a securable object.

TOKEN_ACCESS_INFORMATION

Specifies all the information in a token that is necessary to perform an access check.

TOKEN_APPCONTAINER_INFORMATION

Specifies all the information in a token that is necessary for an app container.

TOKEN_AUDIT_POLICY

Specifies the per-user audit policy for a token.

TOKEN_CONTROL

Contains information that identifies an access token.

TOKEN_DEFAULT_DACL

Specifies a discretionary access control list (DACL).

TOKEN_DEVICE_CLAIMS

Defines the device claims for the token.

TOKEN_ELEVATION

Indicates whether a token has elevated privileges.

TOKEN_GROUPS

Contains information about the group security identifiers (SIDs) in an access token.

TOKEN_GROUPS_AND_PRIVILEGES

Contains information about the group security identifiers (SIDs) and privileges in an access token.

TOKEN_LINKED_TOKEN

Contains a handle to a token. This token is linked to the token being queried by the GetTokenInformation function or set by the SetTokenInformation function.

TOKEN_MANDATORY_LABEL

Specifies the mandatory integrity level for a token.

TOKEN_MANDATORY_POLICY

Specifies the mandatory integrity policy for a token.

TOKEN_ORIGIN

Contains information about the origin of the logon session.

TOKEN_OWNER

Contains the default owner security identifier (SID) that will be applied to newly created objects.

TOKEN_PRIMARY_GROUP

Specifies a group security identifier (SID) for an access token.

TOKEN_PRIVILEGES

Contains information about a set of privileges for an access token.

TOKEN_SOURCE

Identifies the source of an access token.

TOKEN_STATISTICS

Contains information about an access token.

TOKEN_USER

Identifies the user associated with an access token.

TOKEN_USER_CLAIMS

Defines the user claims for the token.

TRUSTEE

Identifies the user account, group account, or logon session to which an access control entry (ACE) applies.

 

Authorization structures are categorized according to usage as follows:

Basic Access Control Structures

The following structures are used with access control.

Access Control Editor Structures

The following structures are used with the access control editor.

Client/Server Access Control Structures

The following structures implement client/server access control functionality.

 

 

© 2014 Microsoft