Authorization Structures
The following structures are used with authorization applications.
In this section
| Topic | Description |
|---|---|
| | Defines an access control entry (ACE) for the discretionary access control list (DACL) that controls access to an object. An access-allowed ACE allows access to an object for a specific trustee identified by a security identifier (SID). |
| | The ACCESS_ALLOWED_CALLBACK_ACE structure defines an access control entry for the discretionary access control list that controls access to an object. |
| | Defines an access control entry (ACE) that controls allowed access to an object, property set, or property. |
| | Defines an access control entry (ACE) that controls allowed access to an object, a property set, or property. |
| | Defines an access control entry (ACE) for the discretionary access control list (DACL) that controls access to an object. An access-denied ACE denies access to an object for a specific trustee identified by a security identifier (SID). |
| | The ACCESS_DENIED_CALLBACK_ACE structure defines an access control entry for the discretionary access control list that controls access to an object. |
| | The ACCESS_DENIED_CALLBACK_OBJECT_ACE structure defines an access control entry that controls denied access to an object, a property set, or property. |
| | Defines an access control entry (ACE) that controls denied access to an object, a property set, or property. |
| | Lists the currently defined ACE types. |
| | Defines the type and size of an access control entry (ACE). |
| | Header of an access control list (ACL). |
| | Contains revision information about an ACL structure. |
| | Contains information about the size of an ACL structure. |
| | Specifies a security event type and when to audit that type. |
| | Defines an access check reply. |
| | Defines an access check request. |
| | Defines the initialization information for the resource manager. |
| | Specifies the offset of a registration object type name. |
| | Initializes a remote resource manager for a client. |
| | Specifies a fully qualified binary name value associated with a security attribute. |
| | Specifies an octet string value for a security attribute. |
| | Defines a security attribute that can be associated with an authorization context. |
| | Specifies one or more security attributes and values. |
| | Specifies information about source schema registration. |
| | Specifies the fully qualified binary name. |
| | Specifies the OCTET_STRING value type of the claim security attribute. |
| | Defines a resource attribute that is defined in continuous memory for persistence within a serialized security descriptor. |
| | Defines a security attribute that can be associated with a token or authorization context. |
| | Defines the security attributes for the claim. |
| | Lists the effective permissions. |
| | Defines access control information for a specified trustee. |
| | Defines the mapping of generic access rights to specific and standard access rights for an object. |
| | Provides information about an object's inherited access control entry (ACE). |
| | 64-bit value guaranteed to be unique only on the system on which it was generated. |
| | Represents a locally unique identifier (LUID) and its attributes. |
| | Identifies an object type element in a hierarchy of object types. |
| | Contains a string that identifies a trustee by name and additional strings that identify the object types of an object-specific access control entry (ACE). |
| | Contains a security identifier (SID) that identifies a trustee and GUIDs that identify the object types of an object-specific access control entry (ACE). |
| | Specifies an array of SID structures that represent Windows users or groups. |
| | Specifies a set of privileges. |
| | The SECURITY_ATTRIBUTES security structure contains the security descriptor for an object and specifies whether the handle retrieved by specifying this structure is inheritable. |
| | Defines the security capabilities of the app container. |
| | Contains the security information associated with an object. |
| | Contains the security object information. |
| | Contains information used to support client impersonation. |
| | Contains information about an access right or default access mask for a securable object. |
| | Contains information about how access control entries (ACEs) can be inherited by child objects. |
| | Used to initialize the access control editor. |
| | Used to uniquely identify users or groups. |
| | Represents a security identifier (SID) and its attributes. |
| | Specifies hash values for the specified array of security identifiers (SIDs). |
| | Represents the top-level authority of a security identifier (SID). |
| | Contains the list of common names corresponding to the SID structures returned by ISecurityInformation2::LookupSids. |
| | Contains a list of SID_INFO structures. |
| | The SYSTEM_ALARM_ACE structure is reserved for future use. |
| | The SYSTEM_ALARM_CALLBACK_ACE structure is reserved for future use. |
| | The SYSTEM_ALARM_CALLBACK_OBJECT_ACE structure is reserved for future use. |
| | The SYSTEM_ALARM_OBJECT_ACE structure is reserved for future use. |
| | Defines an access control entry (ACE) for the system access control list (SACL) that specifies what types of access cause system-level notifications. |
| | The SYSTEM_AUDIT_CALLBACK_ACE structure defines an access control entry for the system access control list that specifies what types of access cause system-level notifications. |
| | The SYSTEM_AUDIT_CALLBACK_OBJECT_ACE structure defines an access control entry for a system access control list. |
| | Defines an access control entry (ACE) for a system access control list (SACL). |
| | Defines an access control entry (ACE) for the system access control list (SACL) that specifies the mandatory access level and policy for a securable object. |
| | Defines an access control entry (ACE) for the system access control list (SACL) that specifies the system resource attributes for a securable object. |
| | Defines an access control entry (ACE) for the system access control list (SACL) that specifies the scoped policy identifier for a securable object. |
| | Specifies all the information in a token that is necessary to perform an access check. |
| | Specifies all the information in a token that is necessary for an app container. |
| | Specifies the per user audit policy for a token. |
| | Contains information that identifies an access token. |
| | Specifies a discretionary access control list (DACL). |
| | Defines the device claims for the token. |
| | Indicates whether a token has elevated privileges. |
| | Contains information about the group security identifiers (SIDs) in an access token. |
| | Contains information about the group security identifiers (SIDs) and privileges in an access token. |
| | Contains a handle to a token. This token is linked to the token being queried by the GetTokenInformation function or set by the SetTokenInformation function. |
| | Specifies the mandatory integrity level for a token. |
| | Specifies the mandatory integrity policy for a token. |
| | Contains information about the origin of the logon session. |
| | Contains the default owner security identifier (SID) that will be applied to newly created objects. |
| | Specifies a group security identifier (SID) for an access token. |
| | Contains information about a set of privileges for an access token. |
| | Identifies the source of an access token. |
| | Contains information about an access token. |
| | Identifies the user associated with an access token. |
| | Defines the user claims for the token. |
| | Identifies the user account, group account, or logon session to which an access control entry (ACE) applies. |

Authorization structures are categorized according to usage as follows:
- Basic Access Control Structures
- Access Control Editor Structures
- Client/Server Access Control Structures
Basic Access Control Structures
The following structures are used with access control.
- ACCESS_ALLOWED_ACE
- ACCESS_ALLOWED_CALLBACK_ACE
- ACCESS_ALLOWED_CALLBACK_OBJECT_ACE
- ACCESS_ALLOWED_OBJECT_ACE
- ACCESS_DENIED_ACE
- ACCESS_DENIED_CALLBACK_ACE
- ACCESS_DENIED_CALLBACK_OBJECT_ACE
- ACCESS_DENIED_OBJECT_ACE
- ACE
- ACE_HEADER
- ACL
- ACL_REVISION_INFORMATION
- ACL_SIZE_INFORMATION
- EXPLICIT_ACCESS
- LUID
- LUID_AND_ATTRIBUTES
- OBJECTS_AND_NAME
- OBJECTS_AND_SID
- SECURITY_ATTRIBUTES
- SECURITY_DESCRIPTOR
- SID
- SID_AND_ATTRIBUTES
- SID_IDENTIFIER_AUTHORITY
- SYSTEM_ALARM_ACE
- SYSTEM_ALARM_CALLBACK_ACE
- SYSTEM_ALARM_CALLBACK_OBJECT_ACE
- SYSTEM_ALARM_OBJECT_ACE
- SYSTEM_AUDIT_ACE
- SYSTEM_AUDIT_CALLBACK_ACE
- SYSTEM_AUDIT_CALLBACK_OBJECT_ACE
- SYSTEM_AUDIT_OBJECT_ACE
- SYSTEM_MANDATORY_LABEL_ACE
- TOKEN_CONTROL
- TOKEN_DEFAULT_DACL
- TOKEN_GROUPS
- TOKEN_GROUPS_AND_PRIVILEGES
- TOKEN_ORIGIN
- TOKEN_OWNER
- TOKEN_PRIMARY_GROUP
- TOKEN_PRIVILEGES
- TOKEN_SOURCE
- TOKEN_STATISTICS
- TOKEN_USER
- TRUSTEE
Access Control Editor Structures
The following structures are used with the access control editor.
Client/Server Access Control Structures
The following structures implement client/server access control functionality.
- AUTHZ_ACCESS_REPLY
- AUTHZ_ACCESS_REQUEST
- AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET
- AUTHZ_SOURCE_SCHEMA_REGISTRATION
- GENERIC_MAPPING
- OBJECT_TYPE_LIST
- PRIVILEGE_SET
- SECURITY_QUALITY_OF_SERVICE