SECURITY_INFORMATION

typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;

A value of type SECURITY_INFORMATION is used to identify the object-related security information being set or queried. This security information includes:

  • The owner of an object

  • The primary group of an object

  • The discretionary access-control list (DACL) of an object

  • The system ACL (SACL) of an object

Each item of security information is designated by a bit flag. The following values specify the bits.

ValueMeaningAccess

DACL_SECURITY_INFORMATION

Indicates that the object's DACL is being set or queried.

For the following items, the DACL is queried:

IRP_MJ_QUERY_SECURITY

FLT_PARAMETERS for IRP_MJ_QUERY_SECURITY

FltQuerySecurityObject

SeQuerySecurityDescriptorInfo

For the following items, the DACL is set:

IRP_MJ_SET_SECURITY

FLT_PARAMETERS for IRP_MJ_SET_SECURITY

FltSetSecurityObject

SeSetSecurityDescriptorInfo

SeSetSecurityDescriptorInfoEx

Requires READ_CONTROL access for:

IRP_MJ_QUERY_SECURITY

FLT_PARAMETERS for IRP_MJ_QUERY_SECURITY

FltQuerySecurityObject

SeQuerySecurityDescriptorInfo

Requires WRITE_DAC access for:

IRP_MJ_SET_SECURITY

FLT_PARAMETERS for IRP_MJ_SET_SECURITY

FltSetSecurityObject

SeSetSecurityDescriptorInfo

SeSetSecurityDescriptorInfoEx

GROUP_SECURITY_INFORMATION

Indicates that the primary group identifier of the object is being set or queried.

For the following items, the group identifier is queried:

IRP_MJ_QUERY_SECURITY

FLT_PARAMETERS for IRP_MJ_QUERY_SECURITY

FltQuerySecurityObject

SeQuerySecurityDescriptorInfo

IRP_MJ_SET_SECURITY

FLT_PARAMETERS for IRP_MJ_SET_SECURITY

For the following items, the group identifier is set:

FltSetSecurityObject

SeSetSecurityDescriptorInfo

SeSetSecurityDescriptorInfoEx

Requires READ_CONTROL access for:

IRP_MJ_QUERY_SECURITY

FLT_PARAMETERS for IRP_MJ_QUERY_SECURITY

FltQuerySecurityObject

SeQuerySecurityDescriptorInfo

Requires WRITE_OWNER access for:

IRP_MJ_SET_SECURITY

FLT_PARAMETERS for IRP_MJ_SET_SECURITY

FltSetSecurityObject

SeSetSecurityDescriptorInfo

SeSetSecurityDescriptorInfoEx

OWNER_SECURITY_INFORMATION

Indicates that the owner identifier of the object is being set or queried.

For the following items, the owner identifier is queried:

IRP_MJ_QUERY_SECURITY

FLT_PARAMETERS for IRP_MJ_QUERY_SECURITY

FltQuerySecurityObject

SeQuerySecurityDescriptorInfo

IRP_MJ_SET_SECURITY

FLT_PARAMETERS for IRP_MJ_SET_SECURITY

For the following items, the owner identifier is set:

FltSetSecurityObject

SeSetSecurityDescriptorInfo

SeSetSecurityDescriptorInfoEx

Requires READ_CONTROL access for:

IRP_MJ_QUERY_SECURITY

FLT_PARAMETERS for IRP_MJ_QUERY_SECURITY

FltQuerySecurityObject

SeQuerySecurityDescriptorInfo

Requires WRITE_OWNER access for:

IRP_MJ_SET_SECURITY

FLT_PARAMETERS for IRP_MJ_SET_SECURITY

FltSetSecurityObject

SeSetSecurityDescriptorInfo

SeSetSecurityDescriptorInfoEx

SACL_SECURITY_INFORMATION

Indicates that the object's SACL is being set or queried.

For the following items, the SACL is queried:

IRP_MJ_QUERY_SECURITY

FLT_PARAMETERS for IRP_MJ_QUERY_SECURITY

FltQuerySecurityObject

SeQuerySecurityDescriptorInfo

IRP_MJ_SET_SECURITY

FLT_PARAMETERS for IRP_MJ_SET_SECURITY

For the following items, the SACL is set:

FltSetSecurityObject

SeSetSecurityDescriptorInfo

SeSetSecurityDescriptorInfoEx

Requires ACCESS_SYSTEM_SECURITY access in all cases.

PROCESS_TRUST_LABEL_SECURITY_INFORMATION

Reserved.

 

Requirements

Header

Wdm.h (include Wdm.h)

See also

ACL
SECURITY_DESCRIPTOR
SeQuerySecurityDescriptorInfo
SeSetSecurityDescriptorInfo
SeSetSecurityDescriptorInfoEx
ZwQuerySecurityObject
ZwSetSecurityObject

 

 

Send comments about this topic to Microsoft

Show:
© 2014 Microsoft