GetFileSecurity Function

The GetFileSecurity function obtains specified information about the security of a file or directory. The information obtained is constrained by the caller's access rights and privileges.

The GetNamedSecurityInfo function provides functionality similar to GetFileSecurity for files as well as other types of objects.

Syntax

C++
BOOL WINAPI GetFileSecurity(
  __in       LPCTSTR lpFileName,
  __in       SECURITY_INFORMATION RequestedInformation,
  __out_opt  PSECURITY_DESCRIPTOR pSecurityDescriptor,
  __in       DWORD nLength,
  __out      LPDWORD lpnLengthNeeded
);

Parameters

lpFileName [in]

A pointer to a null-terminated string that specifies the file or directory for which security information is retrieved.

RequestedInformation [in]

A SECURITY_INFORMATION value that identifies the security information being requested.

pSecurityDescriptor [out, optional]

A pointer to a buffer that receives a copy of the security descriptor of the object specified by the lpFileName parameter. The calling process must have permission to view the specified aspects of the object's security status. The SECURITY_DESCRIPTOR structure is returned in self-relative format.

nLength [in]

Specifies the size, in bytes, of the buffer pointed to by the pSecurityDescriptor parameter.

lpnLengthNeeded [out]

A pointer to the variable that receives the number of bytes necessary to store the complete security descriptor. If the returned number of bytes is less than or equal to nLength, the entire security descriptor is returned in the output buffer; otherwise, none of the descriptor is returned.

Return Value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

To read the owner, group, or DACL from the security descriptor for the specified file or directory, the DACL for the file or directory must grant READ_CONTROL access to the caller, or the caller must be the owner of the file or directory.

To read the SACL of a file or directory, the SE_SECURITY_NAME privilege must be enabled for the calling process.
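Because the descriptor is returned in self-relative format, its owner, group and ACL fields are byte offsets into the same buffer, and a consumer should bounds-check them against the buffer length before dereferencing. The following is an added example, not part of the original MSDN page: it validates such a buffer and formats the owner SID, assuming the SECURITY_DESCRIPTOR_RELATIVE and SID layouts from winnt.h. The names sd_owner_string, rd32 and SAMPLE_SD and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SD_HEADER_LEN    20      /* Revision, Sbz1, Control, four 32-bit offsets */
#define SE_SELF_RELATIVE 0x8000  /* Control flag from winnt.h */

static uint32_t rd32(const uint8_t *p) {  /* little-endian 32-bit read */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Writes the owner SID as "S-1-..." into out. Returns 0 on success,
 * -1 if the descriptor is malformed, truncated, or has no owner. */
int sd_owner_string(const uint8_t *sd, size_t len, char *out, size_t outlen) {
    if (len < SD_HEADER_LEN || sd[0] != 1) return -1;
    if (!((sd[2] | sd[3] << 8) & SE_SELF_RELATIVE)) return -1;
    uint32_t off = rd32(sd + 4);                 /* owner offset; 0 = absent */
    if (off < SD_HEADER_LEN || off > len || len - off < 8) return -1;
    const uint8_t *sid = sd + off;
    size_t count = sid[1];                       /* SubAuthorityCount, max 15 */
    if (sid[0] != 1 || count > 15 || len - off - 8 < count * 4) return -1;
    unsigned long long auth = 0;
    for (int i = 0; i < 6; i++) auth = auth << 8 | sid[2 + i];  /* big-endian */
    int n = snprintf(out, outlen, "S-1-%llu", auth);
    if (n < 0 || (size_t)n >= outlen) return -1;
    for (size_t i = 0; i < count; i++) {
        int m = snprintf(out + n, outlen - n, "-%lu",
                         (unsigned long)rd32(sid + 8 + 4 * i));
        if (m < 0 || (size_t)m >= outlen - n) return -1;
        n += m;
    }
    return 0;
}

/* Constructed sample: owner S-1-5-32-544, no group, SACL or DACL. */
static const uint8_t SAMPLE_SD[36] = {
    1, 0, 0x00, 0x80,  20, 0, 0, 0,  0, 0, 0, 0,  0, 0, 0, 0,  0, 0, 0, 0,
    1, 2, 0, 0, 0, 0, 0, 5,  32, 0, 0, 0,  0x20, 0x02, 0, 0
};

int main(void) {
    char s[64];
    if (sd_owner_string(SAMPLE_SD, sizeof SAMPLE_SD, s, sizeof s) != 0) return 1;
    puts(s);
    return strcmp(s, "S-1-5-32-544") != 0;
}
```

On Windows, the same check applies to the buffer filled by GetFileSecurity, with len set to the number of bytes the call reported as needed.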

Requirements

Minimum supported client: Windows 2000 Professional
Minimum supported server: Windows 2000 Server
Header: Winbase.h (include Windows.h)
Library: Advapi32.lib
DLL: Advapi32.dll
Unicode and ANSI names: GetFileSecurityW (Unicode) and GetFileSecurityA (ANSI)

See Also

Low-level Access Control
Low-level Access Control Functions
GetKernelObjectSecurity
GetNamedSecurityInfo
GetPrivateObjectSecurity
GetUserObjectSecurity
SECURITY_DESCRIPTOR
SECURITY_INFORMATION
SetFileSecurity

Build date: 9/11/2009

© 2009 Microsoft Corporation. All rights reserved.