The SeSetSecurityDescriptorInfo routine sets an object's security descriptor.
NTSTATUS SeSetSecurityDescriptorInfo( _In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping );
- Object [in, optional]
Pointer to the object whose security descriptor is to be set. This is used to update security quota information.
- SecurityInformation [in]
Pointer to a bitmask specifying which security information is to be applied to the object. Can be a combination of one or more of the following values.
Indicates the discretionary access control list (DACL) of the object is being set. Requires WRITE_DAC access.
Indicates the primary group identifier of the object is being set. Requires WRITE_OWNER access.
Indicates the owner identifier of the object is being set. Requires WRITE_OWNER access.
Indicates the system ACL (SACL) of the object is being set. Requires ACCESS_SYSTEM_SECURITY access.
- SecurityDescriptor [in]
The input security descriptor to be applied to the object. The caller of this routine is expected to probe and capture the passed security descriptor before calling SeSetSecurityDescriptorInfo, and to release it afterward.
- ObjectsSecurityDescriptor [in, out]
Pointer to a pointer to the object's security descriptor. The security descriptor must be in self-relative format. The caller is responsible for freeing this structure when it is no longer needed.
- PoolType [in]
Specifies the pool type to use when allocating a new security descriptor, which can be one of the following:
Usually, a caller specifies PagedPool, or else NonPagedPool if the buffer will be accessed at IRQL >= DISPATCH_LEVEL or in an arbitrary thread context.Note The NonPagedPoolMustSucceed and NonPagedPoolCacheAlignedMustS pool types are obsolete and should no longer be used.
- GenericMapping [in]
Pointer to a GENERIC_MAPPING structure that specifies the mapping of generic to specific and standard access types for the object being accessed. This mapping structure is expected to be safe to access (that is, captured if necessary) prior to be passed to this routine.
The object's security descriptor was successfully modified.
The provided object's security descriptor was not in self-relative format.
The object does not have a security descriptor.
SeSetSecurityDescriptorInfo modifies an object's existing security descriptor. If the object does not have a security descriptor, the call to SeSetSecurityDescriptorInfo will fail.
To specify whether the object supports automatic inheritance of access control entries (ACE), use SeSetSecurityDescriptorInfoEx.
A security descriptor can be in absolute or self-relative form. In self-relative form, all members of the structure are located contiguously in memory. In absolute form, the structure only contains pointers to the members.
For more information about security and access control, see the documentation on these topics in the Microsoft Windows SDK.