Home Library Learn Downloads Support Community
Sign in | United States - English | |
This topic has not yet been rated - Rate this topic

GetPrivateObjectSecurity function

Applies to: desktop apps only

The GetPrivateObjectSecurity function retrieves information from a private object's security descriptor.

Syntax

Copy 
BOOL WINAPI GetPrivateObjectSecurity(
  __in       PSECURITY_DESCRIPTOR ObjectDescriptor,
  __in       SECURITY_INFORMATION SecurityInformation,
  __out_opt  PSECURITY_DESCRIPTOR ResultantDescriptor,
  __in       DWORD DescriptorLength,
  __out      PDWORD ReturnLength
);

Parameters

ObjectDescriptor [in]

A pointer to a SECURITY_DESCRIPTOR structure. This is the security descriptor to be queried.

SecurityInformation [in]

A set of bit flags that indicate the parts of the security descriptor to retrieve. This parameter can be a combination of the SECURITY_INFORMATION bit flags.

ResultantDescriptor [out, optional]

A pointer to a buffer that receives a copy of the requested information from the specified security descriptor. The SECURITY_DESCRIPTOR structure is returned in self-relative format.

DescriptorLength [in]

Specifies the size, in bytes, of the buffer pointed to by the ResultantDescriptor parameter.

ReturnLength [out]

A pointer to a variable the function sets to zero if the descriptor is copied successfully. If the buffer is too small for the security descriptor, this variable receives the number of bytes required. If this variable's value is greater than the value of the DescriptorLength parameter when the function returns, the function returns FALSE and none of the security descriptor is copied to the buffer.

Return value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

This function is intended for use by resource managers only. To implement the standard access control semantics for updating security descriptors, a resource manager should verify that the following conditions are met before calling GetPrivateObjectSecurity:

  • If the object's owner is being set, the calling process must have either WRITE_OWNER permission or be the object's owner.
  • If the object's discretionary access control list is being set, the calling process must have either WRITE_DAC permission or be the object's owner.
  • If the object's system access control list is being set, the SE_SECURITY_NAME privilege must be enabled for the calling process.

If the preceding conditions are not met, a call to this function does not fail, however, standard access policy is not enforced.

Requirements

Minimum supported client

Windows XP

Minimum supported server

Windows Server 2003

Header
Winbase.h (include Windows.h)

Library
Advapi32.lib

DLL
Advapi32.dll

See also

Client/Server Access Control Overview
Client/Server Access Control Functions
CreatePrivateObjectSecurity
DestroyPrivateObjectSecurity
GetFileSecurity
GetKernelObjectSecurity
GetUserObjectSecurity
SECURITY_DESCRIPTOR
SECURITY_INFORMATION
SetPrivateObjectSecurity

 

 

Send comments about this topic to Microsoft

Build date: 3/7/2012

Did you find this helpful?
(1500 characters remaining)
Community Content Add
Annotations FAQ