SECURITY_INFORMATION

The SECURITY_INFORMATION data type identifies the object-related security information being set or queried. This security information includes:


typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION;

Remarks

Some SECURITY_INFORMATION members work only with the SetNamedSecurityInfo function. These members are not returned in the structure returned by other security functions such as GetNamedSecurityInfo or ConvertStringSecurityDescriptorToSecurityDescriptor.

Each item of security information is designated by a bit flag. Each bit flag can be one of the following values.

Value                                  Meaning
DACL_SECURITY_INFORMATION              The DACL of the object is being referenced.
LABEL_SECURITY_INFORMATION             The mandatory integrity label is being referenced.
GROUP_SECURITY_INFORMATION             The primary group identifier of the object is being referenced.
OWNER_SECURITY_INFORMATION             The owner identifier of the object is being referenced.
PROTECTED_DACL_SECURITY_INFORMATION    The DACL cannot inherit access control entries (ACEs).
PROTECTED_SACL_SECURITY_INFORMATION    The SACL cannot inherit ACEs.
SACL_SECURITY_INFORMATION              The SACL of the object is being referenced.
UNPROTECTED_DACL_SECURITY_INFORMATION  The DACL inherits ACEs from the parent object.
UNPROTECTED_SACL_SECURITY_INFORMATION  The SACL inherits ACEs from the parent object.

Requirements

Minimum supported client  Windows 2000 Professional
Minimum supported server  Windows 2000 Server
Header                    Winnt.h (include Windows.h)

See Also

Access Control
Basic Access Control Structures
ConvertStringSecurityDescriptorToSecurityDescriptor
GetFileSecurity
GetKernelObjectSecurity
GetNamedSecurityInfo
GetPrivateObjectSecurity
GetUserObjectSecurity
SetFileSecurity
SetKernelObjectSecurity
SetNamedSecurityInfo
SetPrivateObjectSecurity
SetUserObjectSecurity


Build date: 9/11/2009



Community Content

Gideon7
Integrity ACEs in the SACL
Windows Vista (or later) stores the mandatory integrity label ACEs (if any) in the SACL. To view or manipulate the integrity ACEs requires that the flag LABEL_SECURITY_INFORMATION be set for both the GetXxxSecurity and the SetXxxSecurity functions. Without the flag the GetXxxSecurity functions will elide the mandatory integrity label ACEs from the SACL of the returned security descriptor.

Gideon7
Metaflags for protected ACLs

PROTECTED_DACL_SECURITY_INFORMATION and PROTECTED_SACL_SECURITY_INFORMATION are metaflags that confirm that you want to set the flag SE_DACL_PROTECTED (0x1000) or SE_SACL_PROTECTED (0x2000) in the security descriptor when calling the high-level security APIs SetNamedSecurityInfo or SetSecurityInfo. In a similar fashion, the metaflags UNPROTECTED_DACL_SECURITY_INFORMATION and UNPROTECTED_SACL_SECURITY_INFORMATION indicate that you want to clear the respective flags in the security descriptor. The low-level security APIs ignore the metaflags.
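The flag handling described on this page, as an added example that is not part of the original page or of Microsoft's sample code: it decodes a SECURITY_INFORMATION mask into flag names and models how the PROTECTED_/UNPROTECTED_ metaflags set or clear SE_DACL_PROTECTED and SE_SACL_PROTECTED. The numeric SECURITY_INFORMATION values are repeated from winnt.h; `si_describe`, `si_apply_metaflags` and the rejection of contradictory metaflags are this example's own names and policy, not Windows behavior.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Values as in winnt.h, repeated so this builds without the Windows headers. */
typedef uint32_t SECURITY_INFORMATION;
#define OWNER_SECURITY_INFORMATION            0x00000001u
#define GROUP_SECURITY_INFORMATION            0x00000002u
#define DACL_SECURITY_INFORMATION             0x00000004u
#define SACL_SECURITY_INFORMATION             0x00000008u
#define LABEL_SECURITY_INFORMATION            0x00000010u
#define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000u
#define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000u
#define PROTECTED_SACL_SECURITY_INFORMATION   0x40000000u
#define PROTECTED_DACL_SECURITY_INFORMATION   0x80000000u
#define SE_DACL_PROTECTED 0x1000u /* security descriptor control bits */
#define SE_SACL_PROTECTED 0x2000u
#define SI(n) { n##_SECURITY_INFORMATION, #n }
static const struct { SECURITY_INFORMATION bit; const char *name; } si_names[] = {
    SI(OWNER), SI(GROUP), SI(DACL), SI(SACL), SI(LABEL), SI(PROTECTED_DACL),
    SI(PROTECTED_SACL), SI(UNPROTECTED_DACL), SI(UNPROTECTED_SACL) };

/* Writes the names of the set flags into out (n > 0); returns bits with no name. */
SECURITY_INFORMATION si_describe(SECURITY_INFORMATION si, char *out, size_t n) {
    out[0] = '\0';
    for (size_t i = 0; i < sizeof si_names / sizeof si_names[0]; i++) {
        if (!(si & si_names[i].bit)) continue;
        if (out[0]) strncat(out, "|", n - strlen(out) - 1);
        strncat(out, si_names[i].name, n - strlen(out) - 1);
        si &= ~si_names[i].bit;
    }
    return si;
}

/* Control word once the metaflags are applied; -1 if they contradict (our check). */
int si_apply_metaflags(SECURITY_INFORMATION si, uint16_t control) {
    uint16_t set = 0, clear = 0;
    if (si & PROTECTED_DACL_SECURITY_INFORMATION)   set   |= SE_DACL_PROTECTED;
    if (si & PROTECTED_SACL_SECURITY_INFORMATION)   set   |= SE_SACL_PROTECTED;
    if (si & UNPROTECTED_DACL_SECURITY_INFORMATION) clear |= SE_DACL_PROTECTED;
    if (si & UNPROTECTED_SACL_SECURITY_INFORMATION) clear |= SE_SACL_PROTECTED;
    return (set & clear) ? -1 : ((control | set) & ~clear);
}

int main(void) {
    char s[128];
    SECURITY_INFORMATION si = DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION;
    si_describe(si, s, sizeof s);
    printf("%s -> control 0x%04x\n", s, (unsigned)si_apply_metaflags(si, 0x8004));
}
```

A nonzero return from `si_describe` means the mask carries bits outside the flags listed on this page, which is worth surfacing when reviewing logged or traced SECURITY_INFORMATION values.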

