SetPrivateObjectSecurity

  BOOL SetPrivateObjectSecurity(SecurityInformation, ModificationDescriptor, ObjectsSecurityDescriptor, GenericMapping, Token)    
  SECURITY_INFORMATION SecurityInformation;    
  PSECURITY_DESCRIPTOR ModificationDescriptor;    
  PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor;    
  PGENERIC_MAPPING GenericMapping;    
  HANDLE Token;    

The SetPrivateObjectSecurity function modifies an object's existing security descriptor, which must be in self-relative form.

Parameters

SecurityInformation

Specifies the type of security information to be applied to the object. The value(s) to be assigned are passed in the ModificationDescriptor parameter.

ModificationDescriptor

Specifies the security descriptor to be applied to the object.

ObjectsSecurityDescriptor

Points to the security descriptor to be altered by this function. This security descriptor must be in self-relative form.

GenericMapping

Specifies the mapping of generic to specific/standard access types for the object being accessed.

Token

Specifies the token for the client on whose behalf the security is being modified. This parameter is required only to ensure that the client has provided a legitimate value for a new owner SID. The token must be open for TOKEN_QUERY access.

Return Value

The return value is TRUE if the function was successful, or FALSE if an error occurred. Use the GetLastError function to obtain extended error information.

Comments

This procedure, called only from user mode, updates the security descriptor on a protected server's existing object. It applies the changes requested in a new security descriptor to the existing security descriptor. If necessary, this routine allocates additional memory to produce a larger security descriptor. All access checking is expected to be done before calling this routine. This includes checking for WRITE_OWNER, WRITE_DAC, and the privilege to assign a system ACL, as appropriate.

The caller of this routine must not be impersonating a client.
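The following is an added example, not part of the original reference text. It sketches the access check a server performs before calling SetPrivateObjectSecurity. The names required_access and server_set_security are hypothetical. Mapping GROUP_SECURITY_INFORMATION to WRITE_OWNER and a system ACL change to ACCESS_SYSTEM_SECURITY is assumed from the usual Windows convention. The non-Windows branch only supplies stand-in constants so that the mask helper compiles elsewhere.

```c
/* Added example; required_access and server_set_security are hypothetical names. */
#ifdef _WIN32
#include <windows.h>
#else /* stand-ins carrying the winnt.h values, so the helper builds off Windows */
typedef unsigned long DWORD;
#define OWNER_SECURITY_INFORMATION 0x00000001UL
#define GROUP_SECURITY_INFORMATION 0x00000002UL
#define DACL_SECURITY_INFORMATION  0x00000004UL
#define SACL_SECURITY_INFORMATION  0x00000008UL
#define WRITE_DAC                  0x00040000UL
#define WRITE_OWNER                0x00080000UL
#define ACCESS_SYSTEM_SECURITY     0x01000000UL
#endif

/* Access the client must hold on the object for each part it wants to change. */
DWORD required_access(DWORD si)
{
    DWORD need = 0;
    if (si & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION))
        need |= WRITE_OWNER;
    if (si & DACL_SECURITY_INFORMATION)
        need |= WRITE_DAC;
    if (si & SACL_SECURITY_INFORMATION)
        need |= ACCESS_SYSTEM_SECURITY; /* the "privilege to assign a system ACL" */
    return need;
}

#ifdef _WIN32
/* clientToken: impersonation token of the client, opened with TOKEN_QUERY.
 * The calling thread must already have stopped impersonating. */
BOOL server_set_security(SECURITY_INFORMATION si, PSECURITY_DESCRIPTOR requested,
                         PSECURITY_DESCRIPTOR *objectSd, PGENERIC_MAPPING map,
                         HANDLE clientToken)
{
    struct { PRIVILEGE_SET set; LUID_AND_ATTRIBUTES extra[3]; } privs;
    DWORD privLen = sizeof(privs), granted = 0, need = required_access(si);
    BOOL allowed = FALSE;

    if (need == 0) { SetLastError(ERROR_INVALID_PARAMETER); return FALSE; }
    /* Check the client against the object's current descriptor first. */
    if (!AccessCheck(*objectSd, clientToken, need, map,
                     &privs.set, &privLen, &granted, &allowed))
        return FALSE;
    if (!allowed) { SetLastError(ERROR_ACCESS_DENIED); return FALSE; }
    /* Only now apply the change; the token validates a new owner SID. */
    return SetPrivateObjectSecurity(si, requested, objectSd, map, clientToken);
}
#endif
```

A request that names no recognized part of the descriptor is rejected here instead of being passed through with nothing checked.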