SetUserObjectSecurity

  BOOL SetUserObjectSecurity(Token, SecurityInformation, ModificationDescriptor)
  HANDLE Token;
  PSECURITY_INFORMATION SecurityInformation;
  PSECURITY_DESCRIPTOR ModificationDescriptor;

The SetUserObjectSecurity function sets values in a security descriptor for an existing server application's object. It applies changes specified in a security descriptor parameter to the existing self-relative format security descriptor. If necessary, the function allocates additional memory to increase the size of the security descriptor. This function can only be called from user mode.

This function does no access checking. Do all access checking before calling this function. An access check should include, as appropriate, checks for WRITE_OWNER privilege, WRITE_DAC privilege, and the privilege to assign a system ACL.
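Because the function does no checking of its own, the server has to gate each call. The sketch below is an added example, not part of the original reference: it maps the requested SECURITY_INFORMATION bits to the access the client must already have been granted. The helper names are hypothetical, the constant values are those of winnt.h repeated so the code builds without the SDK, and the privilege to assign a system ACL is assumed to appear as ACCESS_SYSTEM_SECURITY in the granted mask produced by the server's own access check.

```c
#include <stdint.h>
#include <stdio.h>

/* Values match winnt.h; redefined here so the sketch builds without the SDK. */
#define OWNER_SECURITY_INFORMATION 0x00000001u
#define GROUP_SECURITY_INFORMATION 0x00000002u
#define DACL_SECURITY_INFORMATION  0x00000004u
#define SACL_SECURITY_INFORMATION  0x00000008u
#define WRITE_DAC                  0x00040000u
#define WRITE_OWNER                0x00080000u
#define ACCESS_SYSTEM_SECURITY     0x01000000u

#define KNOWN_SI (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | \
                  DACL_SECURITY_INFORMATION  | SACL_SECURITY_INFORMATION)

/* Hypothetical helper: access needed to modify the parts named in si.
   Returns 0 and fills *required, or -1 when si is empty or carries bits
   this gate does not understand (fail closed). */
int required_access(uint32_t si, uint32_t *required)
{
    uint32_t need = 0;
    if (si == 0 || (si & ~KNOWN_SI) != 0)
        return -1;
    if (si & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION))
        need |= WRITE_OWNER;            /* owner and primary group */
    if (si & DACL_SECURITY_INFORMATION)
        need |= WRITE_DAC;              /* discretionary ACL */
    if (si & SACL_SECURITY_INFORMATION)
        need |= ACCESS_SYSTEM_SECURITY; /* system ACL */
    *required = need;
    return 0;
}

/* Hypothetical gate: rights the client still lacks. Call
   SetUserObjectSecurity only when this returns 0. */
uint32_t missing_access(uint32_t si, uint32_t granted)
{
    uint32_t need;
    if (required_access(si, &need) != 0)
        return 0xFFFFFFFFu;             /* malformed request: deny */
    return need & ~granted;
}

int main(void)
{
    /* Constructed case: client holds WRITE_DAC only, asks for DACL + owner. */
    uint32_t si = DACL_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION;
    uint32_t missing = missing_access(si, WRITE_DAC);
    printf("missing rights: 0x%08x\n", (unsigned)missing);
    return missing == 0 ? 0 : 1;
}
```

Returning the missing bits rather than a plain yes/no lets the server record which right the client lacked when it refuses the change.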

Parameters

Token

Optional handle to the token of the client on whose behalf security is being modified. A value of NULL indicates that the caller is impersonating a client, in which case the impersonation token is used. A client token is used in some situations to ensure that the client has provided legitimate values, such as a new owner SID. The token must be open for TOKEN_QUERY access.

SecurityInformation

Pointer to a SECURITY_INFORMATION data structure that describes the security information being set.

ModificationDescriptor

Pointer to a SECURITY_DESCRIPTOR data structure that describes the security descriptor fields to be replaced and contains the new values.

Return Value

The return value is TRUE if the function was successful, or FALSE if an error occurred. Use the GetLastError function to obtain extended error information.

See Also

MakeSelfRelativeSD, CreatePrivateObjectSecurity, DestroyPrivateObjectSecurity, GetUserObjectSecurity, MakeAbsoluteSD