Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Low-level Security Descriptor Creation

Low-level access control provides a set of functions for creating a security descriptor and getting and setting the components of a security descriptor. The low-level functions for initializing and setting the components of a security descriptor work only with absolute-format security descriptors. The low-level functions for getting the components of a security descriptor work with both absolute and self-relative security descriptors.

The InitializeSecurityDescriptor function initializes a SECURITY_DESCRIPTOR buffer. The initialized security descriptor is in absolute format and has no owner, primary group, discretionary access control list (DACL), or system access control list (SACL). You can use the following low-level functions to get or set specific components of a specified security descriptor.

GetSecurityDescriptorControl Retrieves revision and control information from a security descriptor.
GetSecurityDescriptorDacl Retrieves the DACL from a security descriptor.
GetSecurityDescriptorGroup Retrieves the primary group security identifier (SID) from a security descriptor.
GetSecurityDescriptorLength Returns the length of a security descriptor.
GetSecurityDescriptorOwner Retrieves the owner SID from a security descriptor.
GetSecurityDescriptorSacl Retrieves the SACL from a security descriptor.
SetSecurityDescriptorDacl Puts a DACL into a security descriptor, superseding any existing DACL.
SetSecurityDescriptorGroup Sets the primary group SID of a security descriptor.
SetSecurityDescriptorOwner Sets the owner SID of a security descriptor.
SetSecurityDescriptorSacl Puts a SACL into a security descriptor, superseding any existing SACL.


To check the revision level and structural integrity of a security descriptor, call the IsValidSecurityDescriptor function.



Community Additions

© 2015 Microsoft