Export (0) Print
Expand All

SECURITY_IMPERSONATION_LEVEL enumeration

The SECURITY_IMPERSONATION_LEVEL enumeration type contains values that specify security impersonation levels. Security impersonation levels govern the degree to which a server process can act on behalf of a client process.

Syntax


typedef enum _SECURITY_IMPERSONATION_LEVEL { 
  SecurityAnonymous,
  SecurityIdentification,
  SecurityImpersonation,
  SecurityDelegation
} SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;

Constants

SecurityAnonymous

The server process cannot obtain identification information about the client and it cannot impersonate the client. It is defined with no value given, and thus, by ANSI C rules, defaults to a value of zero.

SecurityIdentification

The server process can obtain information about the client, such as security identifiers and privileges, but it cannot impersonate the client. This is useful for servers that export their own objects -- for example, database products that export tables and views. Using the retrieved client-security information, the server can make access-validation decisions without being able to utilize other services using the client's security context.

SecurityImpersonation

The server process can impersonate the client's security context on its local system. The server cannot impersonate the client on remote systems.

SecurityDelegation

The server process can impersonate the client's security context on remote systems.

This impersonation level is supported starting with Windows 2000.

Remarks

Impersonation is the ability of a process to take on the security attributes of another process.

Note  Be aware of the following derived types:
#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
#define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous // Windows XP and later only

Requirements

Header

Wdm.h (include Wdm.h, Ntddk.h, Ntifs.h, or Fltkernel.h)

See also

LUID
LUID_AND_ATTRIBUTES
PRIVILEGE_SET
PsImpersonateClient
PsReferenceImpersonationToken
SeAccessCheck
SECURITY_SUBJECT_CONTEXT
SeQueryInformationToken
SID_AND_ATTRIBUTES
ZwQueryInformationToken

 

 

Send comments about this topic to Microsoft

Show:
© 2015 Microsoft