SetSecurityDescriptorSacl

The SetSecurityDescriptorSacl function sets the system ACL information of an absolute format security descriptor. If there is already a system ACL present in the security descriptor, it is replaced.

Parameters

SecurityDescriptor

Pointer to the SECURITY_DESCRIPTOR data structure that the function will add the system ACL to.

SaclPresent

Specifies how the function will set the security descriptor's SaclPresent control flag and whether it will ignore the Sacl and SaclDefaulted parameters. If SaclPresent is FALSE, the function sets the SaclPresent flag to FALSE, and will ignore Sacl and SaclDefaulted. If SaclPresent is TRUE, the function sets the SaclPresent flag to TRUE, and Sacl and SaclDefaulted are not ignored.

Sacl

Pointer to an ACL data structure that specifies the system ACL for the security descriptor. If this optional parameter is not passed, a null ACL is assigned to the security descriptor. The ACL is referenced by, not copied into, the security descriptor.

The ACL data structure has the following form:

typedef struct _ACL { /* acl */

BYTE AclRevision;

BYTE Sbz1;

WORD AclSize;

WORD AceCount;

WORD Sbz2;

} ACL;

SaclDefaulted

Specifies, if TRUE, that the system ACL was picked up from some default mechanism; if FALSE, that the system ACL was explicitly specified by a user. The function will store this value into the security descriptor's SaclDefaulted control flag. This parameter is optional; if it is not passed, the SaclDefaulted flag will be cleared.

Return Value

The return value is TRUE if the function was successful, or FALSE if an error occurred. Use the GetLastError function to obtain extended error information.

See Also

GetSecurityDescriptorGroup, GetSecurityDescriptorControl, GetSecurityDescriptorDacl, GetSecurityDescriptorLength, GetSecurityDescriptorOwner, GetSecurityDescriptorSacl, InitializeSecurityDescriptor, IsValidSecurityDescriptor, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner