CPrivateObjectSecurityDesc Class

 

This class represents a private object security descriptor object.

class CPrivateObjectSecurityDesc : public CSecurityDesc

Public Constructors

Name | Description
CPrivateObjectSecurityDesc::CPrivateObjectSecurityDesc | The constructor.
CPrivateObjectSecurityDesc::~CPrivateObjectSecurityDesc | The destructor.

Public Methods

Name | Description
CPrivateObjectSecurityDesc::ConvertToAutoInherit | Call this method to convert a security descriptor and its access-control lists (ACLs) to a format that supports automatic propagation of inheritable access-control entries (ACEs).
CPrivateObjectSecurityDesc::Create | Call this method to allocate and initialize a self-relative security descriptor for the private object created by the calling resource manager.
CPrivateObjectSecurityDesc::Get | Call this method to retrieve information from a private object's security descriptor.
CPrivateObjectSecurityDesc::Set | Call this method to modify a private object's security descriptor.

Operators

Name | Description
operator = | Assignment operator.

Remarks

This class, derived from CSecurityDesc, provides methods for creating and managing the security descriptor of a private object.

For an introduction to the access control model in Windows, see Access Control in the Windows SDK.

Inheritance Hierarchy

CSecurityDesc

    CPrivateObjectSecurityDesc

Requirements

Header: atlsecurity.h

CPrivateObjectSecurityDesc::ConvertToAutoInherit

Call this method to convert a security descriptor and its access-control lists (ACLs) to a format that supports automatic propagation of inheritable access-control entries (ACEs).

bool ConvertToAutoInherit(  
    const CSecurityDesc* pParent,
    GUID* ObjectType,
    bool bIsDirectoryObject,
    PGENERIC_MAPPING GenericMapping) throw();

Parameters

pParent
Pointer to a CSecurityDesc object referencing the parent container of the object. If there is no parent container, this parameter is NULL.

ObjectType
Pointer to a GUID structure that identifies the type of object associated with the current object. Set ObjectType to NULL if the object does not have a GUID.

bIsDirectoryObject
Specifies whether the new object can contain other objects. A value of true indicates that the new object is a container. A value of false indicates that the new object is not a container.

GenericMapping
Pointer to a GENERIC_MAPPING structure that specifies the mapping from each generic right to specific rights for the object.

Return Value

Returns true on success, false on failure.

Remarks

This method attempts to determine whether the ACEs in the discretionary access-control list (DACL) and system access-control list (SACL) of the current security descriptor were inherited from the parent security descriptor. It calls the ConvertToAutoInheritPrivateObjectSecurity function.

CPrivateObjectSecurityDesc::CPrivateObjectSecurityDesc

The constructor.

CPrivateObjectSecurityDesc() throw();

Remarks

Initializes the CPrivateObjectSecurityDesc object.

CPrivateObjectSecurityDesc::~CPrivateObjectSecurityDesc

The destructor.

~CPrivateObjectSecurityDesc() throw();

Remarks

The destructor frees all allocated resources and deletes the private object's security descriptor.

CPrivateObjectSecurityDesc::Create

Call this method to allocate and initialize a self-relative security descriptor for the private object created by the calling resource manager.

bool Create(  
    const CSecurityDesc* pParent,
    const CSecurityDesc* pCreator,
    bool bIsDirectoryObject,
    const CAccessToken& Token,
    PGENERIC_MAPPING GenericMapping) throw();

bool Create(  
    const CSecurityDesc* pParent,
    const CSecurityDesc* pCreator,
    GUID* ObjectType,
    bool bIsContainerObject,
    ULONG AutoInheritFlags,
    const CAccessToken& Token,
    PGENERIC_MAPPING GenericMapping) throw();

Parameters

pParent
Pointer to a CSecurityDesc object referencing the parent directory in which a new object is being created. Set to NULL if there is no parent directory.

pCreator
Pointer to a security descriptor provided by the creator of the object. If the object's creator does not explicitly pass security information for the new object, set this parameter to NULL.

bIsDirectoryObject
Specifies whether the new object can contain other objects. A value of true indicates that the new object is a container. A value of false indicates that the new object is not a container.

Token
Reference to the CAccessToken object for the client process on whose behalf the object is being created.

GenericMapping
Pointer to a GENERIC_MAPPING structure that specifies the mapping from each generic right to specific rights for the object.

ObjectType
Pointer to a GUID structure that identifies the type of object associated with the current object. Set ObjectType to NULL if the object does not have a GUID.

bIsContainerObject
Specifies whether the new object can contain other objects. A value of true indicates that the new object is a container. A value of false indicates that the new object is not a container.

AutoInheritFlags
A set of bit flags that control how access-control entries (ACEs) are inherited from pParent. See CreatePrivateObjectSecurityEx for more details.

Return Value

Returns true on success, false on failure.

Remarks

This method calls CreatePrivateObjectSecurity or CreatePrivateObjectSecurityEx.

The second method, which permits specifying the object type GUID of the new object or controlling how ACEs are inherited, is only available on systems running Windows 2000 and later.

Note

A self-relative security descriptor is a security descriptor that stores all of its security information in a contiguous block of memory.
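
The bIsDirectoryObject and GenericMapping parameters decide which of the parent's ACEs a new object receives and which rights they grant. The portable C++ model below is an added illustration, not ATL or Windows code: it follows the documented Windows ACE inheritance rules for the case where pCreator is NULL, and it leaves out SIDs, the INHERITED_ACE flag and AutoInheritFlags. The names Ace, GenericMap, MapGeneric and InheritFromParent are hypothetical.

```cpp
#include <cstdint>
#include <vector>

// Values match winnt.h; redeclared under constructed names so the model builds anywhere.
constexpr uint8_t kObjectInherit = 0x01, kContainerInherit = 0x02,
                  kNoPropagate = 0x04, kInheritOnly = 0x08;
constexpr uint32_t kGenericRead = 0x80000000u, kGenericWrite = 0x40000000u,
                   kGenericExecute = 0x20000000u, kGenericAll = 0x10000000u;
constexpr uint32_t kGenericBits =
    kGenericRead | kGenericWrite | kGenericExecute | kGenericAll;

struct GenericMap { uint32_t read, write, execute, all; };  // same fields as GENERIC_MAPPING
struct Ace { uint8_t flags; uint32_t mask; };  // hypothetical; trustee SID omitted

// Replace each generic bit with the specific rights it stands for.
uint32_t MapGeneric(uint32_t mask, const GenericMap& m) {
    if (mask & kGenericRead)    mask |= m.read;
    if (mask & kGenericWrite)   mask |= m.write;
    if (mask & kGenericExecute) mask |= m.execute;
    if (mask & kGenericAll)     mask |= m.all;
    return mask & ~kGenericBits;
}

// ACEs a new child receives from the parent's DACL when the creator supplies none.
std::vector<Ace> InheritFromParent(const std::vector<Ace>& parent,
                                   bool isContainer, const GenericMap& m) {
    std::vector<Ace> child;
    for (const Ace& p : parent) {
        const bool oi = (p.flags & kObjectInherit) != 0;
        const bool ci = (p.flags & kContainerInherit) != 0;
        const bool np = (p.flags & kNoPropagate) != 0;
        if (!isContainer) {  // leaf object: only OI ACEs apply, as effective ACEs
            if (oi) child.push_back({0, MapGeneric(p.mask, m)});
            continue;
        }
        // Inheritance flags the container passes on to its own children.
        const uint8_t keep = np ? 0 : (p.flags & (kObjectInherit | kContainerInherit));
        if (ci) {
            if (keep && (p.mask & kGenericBits)) {
                // Generic rights: one mapped effective ACE plus an inherit-only
                // ACE that keeps the generic bits for the next generation.
                child.push_back({0, MapGeneric(p.mask, m)});
                child.push_back({uint8_t(keep | kInheritOnly), p.mask});
            } else {
                child.push_back({keep, MapGeneric(p.mask, m)});
            }
        } else if (oi && !np) {  // OI only: held for descendants, not effective here
            child.push_back({uint8_t(kObjectInherit | kInheritOnly), p.mask});
        }
    }
    return child;
}
```

An ACE with no inheritance flags never reaches the child, so a resource manager that passes the wrong value for bIsDirectoryObject changes which parent ACEs end up on the new object.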

CPrivateObjectSecurityDesc::Get

Call this method to retrieve information from a private object's security descriptor.

bool Get(  
    SECURITY_INFORMATION si,
    CSecurityDesc* pResult) const throw();

Parameters

si
A set of bit flags that indicate the parts of the security descriptor to retrieve. This value can be a combination of the SECURITY_INFORMATION bit flags.

pResult
Pointer to a CSecurityDesc object that receives a copy of the requested information from the specified security descriptor.

Return Value

Returns true on success, false on failure.

Remarks

The security descriptor is a structure and associated data that contains the security information for a securable object.

CPrivateObjectSecurityDesc::operator =

Assignment operator.

CPrivateObjectSecurityDesc& operator= (const CPrivateObjectSecurityDesc& rhs) throw(...);

Parameters

rhs
The CPrivateObjectSecurityDesc object to assign to the current object.

Return Value

Returns the updated CPrivateObjectSecurityDesc object.

CPrivateObjectSecurityDesc::Set

Call this method to modify a private object's security descriptor.

bool Set(  
    SECURITY_INFORMATION si,
    const CSecurityDesc& Modification,
    PGENERIC_MAPPING GenericMapping,
    const CAccessToken& Token) throw();

bool Set(  
    SECURITY_INFORMATION si,
    const CSecurityDesc& Modification,
    ULONG AutoInheritFlags,
    PGENERIC_MAPPING GenericMapping,
    const CAccessToken& Token) throw();

Parameters

si
A set of bit flags that indicate the parts of the security descriptor to set. This value can be a combination of the SECURITY_INFORMATION bit flags.

Modification
Reference to a CSecurityDesc object. The parts of this security descriptor indicated by the si parameter are applied to the object's security descriptor.

GenericMapping
Pointer to a GENERIC_MAPPING structure that specifies the mapping from each generic right to specific rights for the object.

Token
Reference to the CAccessToken object for the client process on whose behalf the object is being created.

AutoInheritFlags
A set of bit flags that control how access-control entries (ACEs) are inherited from pParent. See CreatePrivateObjectSecurityEx for more details.

Return Value

Returns true on success, false on failure.

Remarks

The second method, which permits specifying the object type GUID of the object or controlling how ACEs are inherited, is only available on systems running Windows 2000 and later.

See Also

SECURITY_DESCRIPTOR
Class Overview
Security Global Functions
CSecurityDesc Class