Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
Windows Developer Center
Click to Rate and Give Feedback
MSDN
MSDN Library
Windows Driver Kit
Reference
Security Structures
 SECURITY_IMPERSONATION_LEVEL
Windows Driver Kit: Installable File System Drivers
SECURITY_IMPERSONATION_LEVEL

The SECURITY_IMPERSONATION_LEVEL enumeration type contains values that specify security impersonation levels. Security impersonation levels govern the degree to which a server process can act on behalf of a client process. 

typedef enum _SECURITY_IMPERSONATION_LEVEL {
  SecurityAnonymous,
  SecurityIdentification,
  SecurityImpersonation,
  SecurityDelegation
} SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;

#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation

#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation

#define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous // Windows XP and later only

Enumerators

SecurityAnonymous
The server process cannot obtain identification information about the client and it cannot impersonate the client. It is defined with no value given, and thus, by ANSI C rules, defaults to a value of zero.
SecurityIdentification
The server process can obtain information about the client, such as security identifiers and privileges, but it cannot impersonate the client. This is useful for servers that export their own objects — for example, database products that export tables and views. Using the retrieved client-security information, the server can make access-validation decisions without being able to utilize other services using the client's security context.
SecurityImpersonation
The server process can impersonate the client's security context on its local system. The server cannot impersonate the client on remote systems.
SecurityDelegation
The server process can impersonate the client's security context on remote systems.

Microsoft Windows NT 4.0 and earlier: This impersonation level is not supported.

Microsoft Windows 2000 and later: This impersonation level is supported.

Comments

Impersonation is the ability of a process to take on the security attributes of another process.

Requirements

Headers: Declared in ntifs.h. Include ntifs.h.

See Also

LUID, LUID_AND_ATTRIBUTES, PRIVILEGE_SET, PsImpersonateClient, PsReferenceImpersonationToken, SeAccessCheck, SECURITY_SUBJECT_CONTEXT, SeQueryInformationToken, SID_AND_ATTRIBUTES, ZwQueryInformationToken


Send feedback on this topic
Built on October 01, 2009
© 2009 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks | Privacy Statement | Site Feedback
Page view tracker