Export (0) Print
Expand All
1 out of 9 rated this helpful - Rate this topic

SECURITY_INFORMATION

The SECURITY_INFORMATION data type identifies the object-related security information being set or queried. This security information includes:


typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION;

Remarks

Some SECURITY_INFORMATION members work only with the SetNamedSecurityInfo function. These members are not returned in the structure returned by other security functions such as GetNamedSecurityInfo or ConvertStringSecurityDescriptorToSecurityDescriptor.

Each item of security information is designated by a bit flag. Each bit flag can be one of the following values. For more information, see the SetSecurityAccessMask and QuerySecurityAccessMask functions.

Value/rights required to query/setMeaning

ATTRIBUTE_SECURITY_INFORMATION

Right required to query: READ_CONTROL

Right required to set: WRITE_DAC

The resource properties of the object being referenced. The resource properties are stored in SYSTEM_RESOURCE_ATTRIBUTE_ACE types in the SACL of the security descriptor.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP:  This bit flag is not available.

BACKUP_SECURITY_INFORMATION

Right required to query: READ_CONTROL and ACCESS_SYSTEM_SECURITY

Right required to set: WRITE_DAC and WRITE_OWNER and ACCESS_SYSTEM_SECURITY

All parts of the security descriptor. This is useful for backup and restore software that needs to preserve the entire security descriptor.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP:  This bit flag is not available.

DACL_SECURITY_INFORMATION

Right required to query: READ_CONTROL

Right required to set: WRITE_DAC

The DACL of the object is being referenced.

GROUP_SECURITY_INFORMATION

Right required to query: READ_CONTROL

Right required to set: WRITE_OWNER

The primary group identifier of the object is being referenced.

LABEL_SECURITY_INFORMATION

Right required to query: READ_CONTROL

Right required to set: WRITE_OWNER

The mandatory integrity label is being referenced.

The mandatory integrity label is an ACE in the SACL of the object.

Windows Server 2003 and Windows XP:  This bit flag is not available.

OWNER_SECURITY_INFORMATION

Right required to query: READ_CONTROL

Right required to set: WRITE_OWNER

The owner identifier of the object is being referenced.

PROTECTED_DACL_SECURITY_INFORMATION

Right required to query: Not available

Right required to set: WRITE_DAC

The DACL cannot inherit access control entries (ACEs).

PROTECTED_SACL_SECURITY_INFORMATION

Right required to query: Not available

Right required to set: ACCESS_SYSTEM_SECURITY

The SACL cannot inherit ACEs.

SACL_SECURITY_INFORMATION

Right required to query: ACCESS_SYSTEM_SECURITY

Right required to set: ACCESS_SYSTEM_SECURITY

The SACL of the object is being referenced.

SCOPE_SECURITY_INFORMATION

Right required to query: READ_CONTROL

Right required to set: ACCESS_SYSTEM_SECURITY

The Central Access Policy (CAP) identifier applicable on the object that is being referenced. Each CAP identifier is stored in a SYSTEM_SCOPED_POLICY_ID_ACE type in the SACL of the SD.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP:  This bit flag is not available.

UNPROTECTED_DACL_SECURITY_INFORMATION

Right required to query: Not available

Right required to set: WRITE_DAC

The DACL inherits ACEs from the parent object.

UNPROTECTED_SACL_SECURITY_INFORMATION

Right required to query: Not available

Right required to set: ACCESS_SYSTEM_SECURITY

The SACL inherits ACEs from the parent object.

 

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Winnt.h (include Windows.h)

See also

Access Control
Basic Access Control Structures
ConvertSecurityDescriptorToStringSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptor
GetFileSecurity
GetKernelObjectSecurity
GetNamedSecurityInfo
GetPrivateObjectSecurity
GetSecurityInfo
GetUserObjectSecurity
QuerySecurityAccessMask
SetFileSecurity
SetKernelObjectSecurity
SetNamedSecurityInfo
SetPrivateObjectSecurity
SetSecurityAccessMask
SetSecurityInfo
SetUserObjectSecurity
TreeResetNamedSecurityInfo
TreeSetNamedSecurityInfo

 

 

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.