SECURITY_INFORMATION

The SECURITY_INFORMATION data type identifies the object-related security information being set or queried. This security information includes:

typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION;

Remarks

Some SECURITY_INFORMATION members work only with the SetNamedSecurityInfo function. These members are not returned in the structure returned by other security functions such as GetNamedSecurityInfo or ConvertStringSecurityDescriptorToSecurityDescriptor.

Each item of security information is designated by a bit flag. Each bit flag can be one of the following values. For more information, see the SetSecurityAccessMask and QuerySecurityAccessMask functions.

Value (with the rights required to query/set) and meaning:

ATTRIBUTE_SECURITY_INFORMATION
Right required to query: READ_CONTROL
Right required to set: WRITE_DAC
The resource properties of the object being referenced. The resource properties are stored in SYSTEM_RESOURCE_ATTRIBUTE_ACE types in the SACL of the security descriptor.
Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This bit flag is not available.

BACKUP_SECURITY_INFORMATION
Right required to query: READ_CONTROL and ACCESS_SYSTEM_SECURITY
Right required to set: WRITE_DAC and WRITE_OWNER and ACCESS_SYSTEM_SECURITY
All parts of the security descriptor. This is useful for backup and restore software that needs to preserve the entire security descriptor.
Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This bit flag is not available.

DACL_SECURITY_INFORMATION
Right required to query: READ_CONTROL
Right required to set: WRITE_DAC
The DACL of the object is being referenced.

GROUP_SECURITY_INFORMATION
Right required to query: READ_CONTROL
Right required to set: WRITE_OWNER
The primary group identifier of the object is being referenced.

LABEL_SECURITY_INFORMATION
Right required to query: READ_CONTROL
Right required to set: WRITE_OWNER
The mandatory integrity label is being referenced.
The mandatory integrity label is an ACE in the SACL of the object.
Windows Server 2003 and Windows XP: This bit flag is not available.

OWNER_SECURITY_INFORMATION
Right required to query: READ_CONTROL
Right required to set: WRITE_OWNER
The owner identifier of the object is being referenced.

PROTECTED_DACL_SECURITY_INFORMATION
Right required to query: Not available
Right required to set: WRITE_DAC
The DACL cannot inherit access control entries (ACEs).

PROTECTED_SACL_SECURITY_INFORMATION
Right required to query: Not available
Right required to set: ACCESS_SYSTEM_SECURITY
The SACL cannot inherit ACEs.

SACL_SECURITY_INFORMATION
Right required to query: ACCESS_SYSTEM_SECURITY
Right required to set: ACCESS_SYSTEM_SECURITY
The SACL of the object is being referenced.

SCOPE_SECURITY_INFORMATION
Right required to query: READ_CONTROL
Right required to set: ACCESS_SYSTEM_SECURITY
The Central Access Policy (CAP) identifier applicable on the object that is being referenced. Each CAP identifier is stored in a SYSTEM_SCOPED_POLICY_ID_ACE type in the SACL of the SD.
Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This bit flag is not available.

UNPROTECTED_DACL_SECURITY_INFORMATION
Right required to query: Not available
Right required to set: WRITE_DAC
The DACL inherits ACEs from the parent object.

UNPROTECTED_SACL_SECURITY_INFORMATION
Right required to query: Not available
Right required to set: ACCESS_SYSTEM_SECURITY
The SACL inherits ACEs from the parent object.
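
Added example (not part of the original reference): the table above expressed as data, with a function that ORs together the rights needed to query or set a combination of flags, so a handle can be opened with only the access the call requires. The function name required_access, the NOT_QUERYABLE marker and the SI_* helper macros are hypothetical; the numeric values are repeated from winnt.h. On Windows, SetSecurityAccessMask and QuerySecurityAccessMask are the system functions that return such a mask.

```c
#include <stdint.h>
#include <stdio.h>

/* Values as in winnt.h, repeated so this builds without Windows headers. */
#define READ_CONTROL           0x00020000u
#define WRITE_DAC              0x00040000u
#define WRITE_OWNER            0x00080000u
#define ACCESS_SYSTEM_SECURITY 0x01000000u
#define NOT_QUERYABLE          0xFFFFFFFFu /* hypothetical marker for "Not available" */

/* X(flag, value, right to query, right to set): one row per flag documented above. */
#define SI_TABLE(X) \
    X(OWNER_SECURITY_INFORMATION,            0x00000001u, READ_CONTROL, WRITE_OWNER) \
    X(GROUP_SECURITY_INFORMATION,            0x00000002u, READ_CONTROL, WRITE_OWNER) \
    X(DACL_SECURITY_INFORMATION,             0x00000004u, READ_CONTROL, WRITE_DAC) \
    X(SACL_SECURITY_INFORMATION,             0x00000008u, ACCESS_SYSTEM_SECURITY, ACCESS_SYSTEM_SECURITY) \
    X(LABEL_SECURITY_INFORMATION,            0x00000010u, READ_CONTROL, WRITE_OWNER) \
    X(ATTRIBUTE_SECURITY_INFORMATION,        0x00000020u, READ_CONTROL, WRITE_DAC) \
    X(SCOPE_SECURITY_INFORMATION,            0x00000040u, READ_CONTROL, ACCESS_SYSTEM_SECURITY) \
    X(BACKUP_SECURITY_INFORMATION, 0x00010000u, READ_CONTROL | ACCESS_SYSTEM_SECURITY, WRITE_DAC | WRITE_OWNER | ACCESS_SYSTEM_SECURITY) \
    X(UNPROTECTED_SACL_SECURITY_INFORMATION, 0x10000000u, NOT_QUERYABLE, ACCESS_SYSTEM_SECURITY) \
    X(UNPROTECTED_DACL_SECURITY_INFORMATION, 0x20000000u, NOT_QUERYABLE, WRITE_DAC) \
    X(PROTECTED_SACL_SECURITY_INFORMATION,   0x40000000u, NOT_QUERYABLE, ACCESS_SYSTEM_SECURITY) \
    X(PROTECTED_DACL_SECURITY_INFORMATION,   0x80000000u, NOT_QUERYABLE, WRITE_DAC)

#define SI_CONST(name, value, query, set) const uint32_t name = value;
SI_TABLE(SI_CONST)
#define SI_ROW(name, value, query, set) {value, query, set},
static const struct { uint32_t flag, query, set; } SI_ROWS[] = { SI_TABLE(SI_ROW) };

/* Rights needed to query (for_set == 0) or set (for_set != 0) every flag in info.
 * Returns 0 for an empty value, a bit not in the table, or a set-only flag on a query. */
uint32_t required_access(uint32_t info, int for_set) {
    uint32_t need = 0;
    for (size_t i = 0; i < sizeof SI_ROWS / sizeof SI_ROWS[0]; i++) {
        if (!(info & SI_ROWS[i].flag)) continue;
        uint32_t right = for_set ? SI_ROWS[i].set : SI_ROWS[i].query;
        if (right == NOT_QUERYABLE) return 0;
        need |= right;
        info &= ~SI_ROWS[i].flag;   /* mark this flag as handled */
    }
    return info ? 0 : need;         /* leftover bits are not in the table */
}

int main(void) { /* constructed request: query owner and DACL only */
    uint32_t mask = required_access(OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, 0);
    printf("desired access to request: 0x%08x\n", (unsigned)mask);
    return 0;
}
```

A result of 0 means the combination cannot be used for that direction according to the table, for example PROTECTED_DACL_SECURITY_INFORMATION in a query.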

Requirements

Minimum supported client: Windows XP [desktop apps only]
Minimum supported server: Windows Server 2003 [desktop apps only]
Header: Winnt.h (include Windows.h)

See also

Access Control

Basic Access Control Structures

ConvertSecurityDescriptorToStringSecurityDescriptor

ConvertStringSecurityDescriptorToSecurityDescriptor

GetFileSecurity

GetKernelObjectSecurity

GetNamedSecurityInfo

GetPrivateObjectSecurity

GetSecurityInfo

GetUserObjectSecurity

QuerySecurityAccessMask

SetFileSecurity

SetKernelObjectSecurity

SetNamedSecurityInfo

SetPrivateObjectSecurity

SetSecurityAccessMask

SetSecurityInfo

SetUserObjectSecurity

TreeResetNamedSecurityInfo

TreeSetNamedSecurityInfo