SECURITY_IMPERSONATION_LEVEL enumeration (winnt.h)

The SECURITY_IMPERSONATION_LEVEL enumeration contains values that specify security impersonation levels. Security impersonation levels govern the degree to which a server process can act on behalf of a client process.

Syntax

typedef enum _SECURITY_IMPERSONATION_LEVEL {
  SecurityAnonymous,
  SecurityIdentification,
  SecurityImpersonation,
  SecurityDelegation
} SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;

Constants

 
SecurityAnonymous
The server process cannot obtain identification information about the client, and it cannot impersonate the client. It is defined with no value given, and thus, by ANSI C rules, defaults to a value of zero.
SecurityIdentification
The server process can obtain information about the client, such as security identifiers and privileges, but it cannot impersonate the client. This is useful for servers that export their own objects, for example, database products that export tables and views. Using the retrieved client-security information, the server can make access-validation decisions without being able to use other services that are using the client's security context.
SecurityImpersonation
The server process can impersonate the client's security context on its local system. The server cannot impersonate the client on remote systems.
SecurityDelegation
The server process can impersonate the client's security context on remote systems.

Remarks

Impersonation is the ability of a process to take on the security attributes of another process.

Requirements

Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Header winnt.h (include Windows.h)

See also

Authorization Enumerations

Client/Server Access Control Overview

CreatePrivateObjectSecurity

DuplicateToken

DuplicateTokenEx

GetTokenInformation

ImpersonateSelf

OpenThreadToken