typedef PVOID PSECURITY_DESCRIPTOR;
The SECURITY_DESCRIPTOR data structure contains the security information associated with an object. Use this structure to set and query an object's security status.
Treat the SECURITY_DESCRIPTOR data structure as an opaque data structure. Use the functions listed in the SeeAlso section below to create and manipulate SECURITY_DESCRIPTOR data structures. These functions reference SECURITY_DESCRIPTORs via the pointer to void data type shown above.
A security descriptor includes information that specifies:
an owner
a primary group
a discretionary access control list
a system access control list
qualifiers for the preceding items
The functions listed below in the See Also section allow manipulation of this information.
Security descriptors use access control lists (ACLs) and security identifiers (SIDs) to specify this information.
A security descriptor can be in absolute or self-relative form. In self-relative form, all fields of the security descriptor are located contiguously in memory.
GetSecurityDescriptorControl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorLength, GetSecurityDescriptorSacl, InitializeSecurityDescriptor, IsValidSecurityDescriptor, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetSecurityDescriptorSacl