CreatePrivateObjectSecurity

The CreatePrivateObjectSecurity function is used to allocate and initialize a self-relative Security Descriptor for a new protected server's object. It is called when a new protected server object is being created. The generated security descriptor will be in self-relative form.

Parameters

ParentDescriptor

Supplies the Security Descriptor for the parent directory under which a new object is being created. If there is no parent directory, then this argument is specified as NULL.

CreatorDescriptor

(Optionally) Points to a security descriptor presented by the creator of the object. If the creator of the object did not explicitly pass security information for the new object, then a null pointer should be passed.

NewDescriptor

Points to a pointer that is to be made to point to the newly allocated self-relative security descriptor.

IsDirectoryObject

Specifies if the new object is going to be a directory object. A value of TRUE indicates the object is a container of other objects.

Token

Supplies the token for the client on whose behalf the object is being created. If it is an impersonation token, then it must be at SecurityIdentification level or higher. If it is not an impersonation token, the operation proceeds normally.

A client token is used to retrieve default security information for the new object, such as default owner, primary group, and discretionary access control. The token must be open for TOKEN_QUERY access.

GenericMapping

Supplies a pointer to a generic mapping array denoting the mapping between each generic right to specific rights.

Return Value

The return value is TRUE if the function was successful, or FALSE if an error occurred. Use the GetLastError function to obtain extended error information.

DestroyPrivateObjectSecurity