A securable object is an object that can have a
security descriptor. All named Windows objects are
securable. Some unnamed objects, such as process and
thread objects, can have security descriptors too. For most securable objects, you can specify an object's
security descriptor in the function call
that creates the object. For example, you can specify a security descriptor in the
CreateFile and
CreateProcess functions.
In addition, the Windows security functions enable you to get and set the security information for securable
objects created on operating systems other than Windows. The Windows security functions also provide support for
using security descriptors with private, application-defined objects. For more information about private
securable objects, see
Client/Server Access Control.
Each type of securable object defines its own set of specific
access rights and its own
mapping of generic access rights. For
information about the specific and generic access rights for each type of securable object, see the overview for
that type of object.
The following table shows the functions to use to manipulate the security information for some common securable
objects.
| Object type | Security descriptor functions |
|---|
| Files or directories on an NTFS
file system | GetNamedSecurityInfo,
SetNamedSecurityInfo,
GetSecurityInfo,
SetSecurityInfo |
|
Named pipes
Anonymous pipes
| GetSecurityInfo,
SetSecurityInfo |
|
Processes
Threads
| GetSecurityInfo,
SetSecurityInfo |
| File-mapping objects | GetNamedSecurityInfo,
SetNamedSecurityInfo,
GetSecurityInfo,
SetSecurityInfo |
| Access tokens | SetKernelObjectSecurity,
GetKernelObjectSecurity |
| Window-management objects
(window stations and
desktops) | GetSecurityInfo,
SetSecurityInfo |
| Registry keys | GetNamedSecurityInfo,
SetNamedSecurityInfo,
GetSecurityInfo,
SetSecurityInfo |
| Windows services | GetNamedSecurityInfo,
SetNamedSecurityInfo,
GetSecurityInfo,
SetSecurityInfo |
| Local or remote printers | GetNamedSecurityInfo,
SetNamedSecurityInfo,
GetSecurityInfo,
SetSecurityInfo |
| Network shares | GetNamedSecurityInfo,
SetNamedSecurityInfo,
GetSecurityInfo,
SetSecurityInfo |
| Interprocess synchronization objects
(events, mutexes, semaphores, and waitable timers) | GetNamedSecurityInfo,
SetNamedSecurityInfo,
GetSecurityInfo,
SetSecurityInfo |
| Job objects | GetNamedSecurityInfo,
SetNamedSecurityInfo,
GetSecurityInfo,
SetSecurityInfo |
| Directory service objects | These objects are handled by Active Directory Objects. For more information, see
Active Directory Service Interfaces. |
Send comments about this topic to Microsoft
Build date: 6/26/2009