Export (0) Print
Expand All

ISecurityInformation::GetSecurity method

The GetSecurity method requests a security descriptor for the securable object whose security descriptor is being edited. The access control editor calls this method to retrieve the object's current or default security descriptor.

Syntax


HRESULT GetSecurity(
  [in]   SECURITY_INFORMATION RequestedInformation,
  [out]  PSECURITY_DESCRIPTOR *ppSecurityDescriptor,
  [in]   BOOL fDefault
);

Parameters

RequestedInformation [in]

A set of SECURITY_INFORMATION bit flags that indicate the parts of the security descriptor being requested. This parameter can be a combination of the following values.

ValueMeaning
OWNER_SECURITY_INFORMATION

The security descriptor must include the SID of the object's owner.

GROUP_SECURITY_INFORMATION

The security descriptor must include the SID of the object's primary group.

DACL_SECURITY_INFORMATION

The security descriptor must include the object's DACL.

SACL_SECURITY_INFORMATION

The security descriptor must include the object's SACL.

 

ppSecurityDescriptor [out]

A pointer to a variable that your implementation must set to a pointer to the object's security descriptor. The security descriptor must include the components requested by the RequestedInformation parameter.

The system calls the LocalFree function to free the returned pointer.

fDefault [in]

If this parameter is TRUE, ppSecurityDescriptor should return an application-defined default security descriptor for the object. The access control editor uses this default security descriptor to reinitialize the property page.

The access control editor sets this parameter to TRUE only if the user clicks the Default button. The Default button is displayed only if you set the SI_RESET flag in the ISecurityInformation::GetObjectInformation method. If no default security descriptor is available, do not set the SI_RESET flag.

If this flag is FALSE, ppSecurityDescriptor should return the object's current security descriptor.

Return value

Returns S_OK if successful.

Returns a nonzero error code if an error occurs. Returns E_ACCESSDENIED if the user does not have permission to read the requested security information.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Aclui.h

See also

ISecurityInformation
Access Control Editor
Access Control Editor Functions
ISecurityInformation::GetObjectInformation
LocalFree
SECURITY_INFORMATION

 

 

Community Additions

ADD
Show:
© 2014 Microsoft