SetSecurityDescriptorDacl

	BOOL SetSecurityDescriptorDacl(SecurityDescriptor, DaclPresent, Dacl, DaclDefaulted)
	PSECURITY_DESCRIPTOR SecurityDescriptor;
	BOOL DaclPresent;
	PACL Dacl;
	BOOL DaclDefaulted;

The SetSecurityDescriptorDacl function sets the discretionary access control list information of an absolute format security descriptor. If there is already a discretionary ACL present in the security descriptor, it is replaced.

Parameters

SecurityDescriptor

Pointer to the SECURITY_DESCRIPTOR data structure that the function will add the discretionary ACL to.

DaclPresent

Specifies how the function will set the security descriptor's DaclPresent control flag and whether it will ignore the Dacl and DaclDefaulted parameters. If DaclPresent is FALSE, the function sets the DaclPresent flag to FALSE, and will ignore Dacl and DaclDefaulted. If DaclPresent is TRUE, the function sets the DaclPresent flag to TRUE, and Dacl and DaclDefaulted are not ignored.

Dacl

Pointer to an ACL data structure that specifies the discretionary ACL for the security descriptor. If this optional parameter is not passed, a null ACL is assigned to the security descriptor. A null discretionary ACL unconditionally denies access. The ACL is referenced by, not copied into, the security descriptor.

The ACL data structure has the following form:

typedef struct _ACL { /* acl */

BYTE AclRevision;

BYTE Sbz1;

WORD AclSize;

WORD AceCount;

WORD Sbz2;

} ACL;

DaclDefaulted

Specifies, if TRUE, that the discretionary ACL was picked up from some default mechanism; if FALSE, that the discretionary ACL was explicitly specified by a user. The function will store this value into the security descriptor's DaclDefaulted control flag. This parameter is optional; if it is not passed, the DaclDefaulted flag will be cleared.

Return Value

The return value is TRUE if the function was successful, or FALSE if an error occurred. Use the GetLastError function to obtain extended error information.