ISecurityInformation::GetSecurity method

The GetSecurity method requests a security descriptor for the securable object whose security descriptor is being edited. The access control editor calls this method to retrieve the object's current or default security descriptor.


HRESULT GetSecurity(
  [in]  SECURITY_INFORMATION RequestedInformation,
  [out] PSECURITY_DESCRIPTOR *ppSecurityDescriptor,
  [in]  BOOL                 fDefault


RequestedInformation [in]

A set of SECURITY_INFORMATION bit flags that indicate the parts of the security descriptor being requested. This parameter can be a combination of the following values.


The security descriptor must include the SID of the object's owner.


The security descriptor must include the SID of the object's primary group.


The security descriptor must include the object's DACL.


The security descriptor must include the object's SACL.


ppSecurityDescriptor [out]

A pointer to a variable that your implementation must set to a pointer to the object's security descriptor. The security descriptor must include the components requested by the RequestedInformation parameter.

The system calls the LocalFree function to free the returned pointer.

fDefault [in]

If this parameter is TRUE, ppSecurityDescriptor should return an application-defined default security descriptor for the object. The access control editor uses this default security descriptor to reinitialize the property page.

The access control editor sets this parameter to TRUE only if the user clicks the Default button. The Default button is displayed only if you set the SI_RESET flag in the ISecurityInformation::GetObjectInformation method. If no default security descriptor is available, do not set the SI_RESET flag.

If this flag is FALSE, ppSecurityDescriptor should return the object's current security descriptor.

Return value

Returns S_OK if successful.

Returns a nonzero error code if an error occurs. Returns E_ACCESSDENIED if the user does not have permission to read the requested security information.


Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]



See also

Access Control Editor
Access Control Editor Functions