SetSecurityDescriptor method of the MSFT_MaskingSet class

Sets the security descriptor that controls access to the masking set object.


UInt32 SetSecurityDescriptor(
  [in]  String SecurityDescriptor,
  [out] String ExtendedStatus


SecurityDescriptor [in]

A Security Descriptor Definition Language (SDDL) formatted string describing the access control list of the object. This parameter is required and cannot be NULL.

ExtendedStatus [out]

A string that contains an embedded MSFT_StorageExtendedStatus object.

This parameter allows the storage provider to return extended (implementation-specific) error information.

Return value

Success (0)
Not Supported (1)
Unspecified Error (2)
Timeout (3)
Failed (4)
Invalid Parameter (5)
Access denied (40001)
There are not enough resources to complete the operation. (40002)
Cannot connect to the storage provider. (46000)
The storage provider cannot connect to the storage subsystem. (46001)


The user must have sufficient privileges to set the security descriptor.

If the call is not made in the context of a user specified in the security descriptor's access control list, this method will fail with Access Denied.

If an empty security descriptor is passed to this method, the behavior is left to the specific implementation as long as there is some user context (typically domain administrators) that can access and administer the object.


Minimum supported client

Windows 8 [desktop apps only]

Minimum supported server

Windows Server 2012 [desktop apps only]





See also